MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66d4f17726f5853e6127da6c02b6760f5cabbcf2793673d0db6b93517a537a78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66d4f17726f5853e6127da6c02b6760f5cabbcf2793673d0db6b93517a537a78
SHA3-384 hash: 3dd33d1ab1e8b9afebb1c240153789e7c958dfc5d29d184f22c33b8e01f3ff23f18424ca901b9d62b7802bc33970afaf
SHA1 hash: bf54d6be7f59dbaa0add9e4a0615736d99ceeca3
MD5 hash: d3b52650de0ec3f5705f92e313717c1b
humanhash: helium-eleven-golf-happy
File name:zte(1).dll
Download: download sample
Signature ZLoader
Create hunting rule
File size:484'864 bytes
First seen:2020-06-10 15:46:25 UTC
Last seen:2020-06-10 15:46:35 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 8576f2eda7a30aeed43fccdbadabc440 (16 x Gozi, 10 x ZLoader)
ssdeep 12288:T2s615320KPnJHFlswhjmoUYtIdySZYBk:TZ8V98jmotI2S
Threatray 138 similar samples on MalwareBazaar
TLSH 9EA4D0E25940B2B0D14BC97E9420B1B681F97C2A7F549180F98B47B735372FAA994FC3
Reporter JAMESWT_WT
Tags:ZLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.ZLoader
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 15:44:06 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m3kpc5zg6wct4yjh3jwafntwb5okxphspe3hhug3nojvc6stpj4a._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
zloader
Create hunting rule
Similar samples:
0eb381723057cbec531c209a0b5dca273d5c05ca5832b4d7baa2447d32e861cf
ZLoader
244bd22b299305418f66c5a6239c70bdc5eced7c0464210feaac591301241cd5
ZLoader
54fba19e9bdd0cdc7f3900f716e90dfa0f96c282c768747d667d2b227ccbe484
ZLoader
8179cb45ba2d6df0d25f9e1f382c5b9e8b9b703e4404fa19a9002c78418dedea
ZLoader
8dbbc783a02a103f860b387d4c62c278b47c234e5ad4331eda1ba6ed7b06194f
ZLoader
8e8ac33ad3757a7f33a24efbe9ec50a57d33de94a99327fdc38a9d8c3b21ad9b
ZLoader
97acd15ebfaa1ac340cac6a4575d59d03ee08eb9b825eebf674d4ed123dd5667
ZLoader
98a58a4f1a0b1305c473eeafa6dac80c2e2edd7e8aa8fe6d32ccac81318de1e5
ZLoader
9ce2908edf0994f493926514628054634858340fb73f219c38c013f34dd9a429
ZLoader
fa240d61efeb769d33cc081f2086ae6b65cda847a80440c82d97867fd1fbd6ab
ZLoader
+ 128 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
family:zloader botnet:bot5 campaign:bot5 botnet persistence trojan
Link:
https://tria.ge/reports/201109-vfx6j1jgga/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://militanttra.at/owg.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments