MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2387ef5d3af113c8c902f478df1c2d7f7a7acf729873b13508c1f1915bf5000. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 5



SHA256 hash: a2387ef5d3af113c8c902f478df1c2d7f7a7acf729873b13508c1f1915bf5000
SHA3-384 hash: 11fd9fef94f329f7df175941439fc100aa6e84844c6bbcb4b7142a1077c3d57623a2fd4518c7a1a96162798ea8fc0289
SHA1 hash: 140b2e5b1aaa43400795ed21c176754ac6048dc5
MD5 hash: 546fd2b31496c60ad6012c080b03f643
humanhash: equal-butter-mississippi-cardinal
File name: polysemous.dll
Signature: ZLoader
File size: 262'144 bytes
First seen: 2020-06-29 19:55:13 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 47d00fcdb41310734d2edb003f48986c (1 x ZLoader)
ssdeep: 6144:m3uo9etp6RdsE84WGfI1DcRBfBt1itFn2ybm7MT59T:mBjR+rAD/SFWY
Threatray: 171 similar samples on MalwareBazaar
TLSH: EB44AE34CFEC9D54D26B96BDA9247711A780D30CF7AFAE0F99D0428084E267B271672C
Reporter: Racco42
Tags: dll ZLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-23 05:47:23 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader persistence
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Adds Run entry to start application
Zloader, Terdot, DELoader, ZeusSphinx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments