MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6679da77917ddc1ab75c7f05dee0701d172ff0bfc6a7cd92d4c73a66c877a7d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: ZLoader

Vendor detections: 6



SHA256 hash: 6679da77917ddc1ab75c7f05dee0701d172ff0bfc6a7cd92d4c73a66c877a7d8
SHA3-384 hash: c6284e8fa45e5e527b05f2f8e948f63969bd6ea2ab057abcc0ac31ba34502872a156a665451bc9ee335ef758bcba4edd
SHA1 hash: d1ed2bd42658512faaacbe8d8230d3b542991654
MD5 hash: 06758591f9fede42c56ee311988acc4a
humanhash: neptune-seven-floor-mobile
File name: B3.DLL
Signature: ZLoader
File size: 580'608 bytes
First seen: 2020-09-02 11:00:05 UTC
Last seen: 2020-09-09 13:06:44 UTC
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: ffa8edb184bae936b92a8e82f25e2342 (1 x ZLoader)
ssdeep: 6144:UXhlbaTbLY6VhaQOJz3utQQ24SKJi5+RvoNQ/JyRpYrCwZ:UXh5a7BV83utQQ24xvorRpYP
Threatray: 6 similar samples on MalwareBazaar
TLSH: 60C4A402F7D71F27CD9B3136845A2C77817BEE940799FA0746A9F944DAB03E93B21206
Reporter: JAMESWT_WT
Tags: ZLoader

Intelligence


File Origin
# of uploads: 4
# of downloads: 96
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph (ID 281077; sample B3.DLL; start date 02/09/2020; architecture WINDOWS; score 52): signatures "Multi AV Scanner detection for submitted file" and "Machine Learning detection for sample"; process tree: loaddll32.exe started, which in turn started WerFault.exe.
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-09-01 22:23:13 UTC
File Type: PE (Dll)
Extracted files: 26
AV detection: 23 of 29 (79.31%)
Threat level: 5/5

Result
Malware family: n/a
Score: 4/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments