MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e8ac33ad3757a7f33a24efbe9ec50a57d33de94a99327fdc38a9d8c3b21ad9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 4



SHA256 hash: 8e8ac33ad3757a7f33a24efbe9ec50a57d33de94a99327fdc38a9d8c3b21ad9b
SHA3-384 hash: e1a2d2636ebe0585a4727ecbfe4793a3cbfe5045dfe4d1150d6886fbdec14070802f96bdfee3e73d2145dc095553905f
SHA1 hash: e3453f8ffef5703c27ddc2afc5b25774809f0615
MD5 hash: 625682b05e96bdb2288a9e8178d797f6
humanhash: hot-steak-two-lactose
File name: zte.dll
Signature: ZLoader
File size: 484'864 bytes
First seen: 2020-06-16 07:42:04 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 8576f2eda7a30aeed43fccdbadabc440 (16 x Gozi, 10 x ZLoader)
ssdeep: 12288:T2s6153o0KPnJHFlswhjmoUYtIdySZYBk:TZ8VT8jmotI2S
Threatray: 138 similar samples on MalwareBazaar
TLSH: EAA4D0E25940B2B0D14BC97E9420B1B681F97C2A7F549180F98B47B735372FAA994FC3
Reporter: JAMESWT_WT
Tags: ZLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.ZLoader
Status: Malicious
First seen: 2020-06-16 07:44:04 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Zloader, Terdot, DELoader, ZeusSphinx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments