MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73abd3856eaa081063998925894e6a335b1ef4a79434eddd312ef15cccf2360e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 73abd3856eaa081063998925894e6a335b1ef4a79434eddd312ef15cccf2360e
SHA3-384 hash: fb99b83ea63d33acb6f11ef6cea58ed82a61f176f63106e95b33e7b416054d40dafa4620eb84d5c5be580671814fcbc2
SHA1 hash: ee172da3e91ac9fdfb1b3c5bb75459abb84e61cf
MD5 hash: 3adaa567c12f5d074d6412e5a9d58df0
humanhash: gee-six-massachusetts-purple
File name:dws.dll
Download: download sample
Signature ZLoader
Create hunting rule
File size:679'936 bytes
First seen:2020-06-10 15:45:59 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash f9b9221f67b0fccc2e9a35bec3a33d30 (5 x Gozi, 3 x ZLoader)
ssdeep 12288:bHMY2akXvNE8jI0pNnG/yin1bb6H9UoyLRAq6BdnbbXO+uVBzSeiTzF:gy6NE88KBitR6H9xWRPYOBzqX
Threatray 188 similar samples on MalwareBazaar
TLSH 8BE48D1277B04024F6BB1BB854FB11659A7E7ED09738C5CB43C022EA4AB7AD0AE34757
Reporter JAMESWT_WT
Tags:ZLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.PrivateExeProte-11
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Worm.Cridex
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 15:44:06 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oov5hbloviebay4zresysttkgnnr55fhsq2o3xjrf3yvzthsgyha._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
zloader
Create hunting rule
Similar samples:
0eb287052bad63c28c2ddb52722b87a40331cb41806e494cd4d83c8b409c6178
ZLoader
244bd22b299305418f66c5a6239c70bdc5eced7c0464210feaac591301241cd5
ZLoader
8179cb45ba2d6df0d25f9e1f382c5b9e8b9b703e4404fa19a9002c78418dedea
ZLoader
998014de6243f054fde2ba82c0c094313b59bc040bd5940a47163e383760af9b
ZLoader
9ce2908edf0994f493926514628054634858340fb73f219c38c013f34dd9a429
ZLoader
a07a359c59be4c8213ab755da287c7bf2da497415185e1c434b55cad6af544de
ZLoader
a9b7021255f515544819e0d0d7fc650a7c2f373efbd6582761679f2ae6ce05cc
ZLoader
ccdee30c90b6f380a5596715bd42f7694814c859ca9b3da00fe9918b22ffd715
ZLoader
e283e238a6df23efffad6f388ccc2de0b1e6f072fd6fb4eaed8065aa1d5a5aec
ZLoader
fd8c062ff0b80d0560a5c239f9a035e821053ff0ee1e3907c88bb4a4b04fee30
ZLoader
+ 178 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
family:zloader botnet:bot5 campaign:bot5 botnet persistence trojan
Link:
https://tria.ge/reports/201109-wn8e68sfnj/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://militanttra.at/owg.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments