MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a97b7b2353dc9012b6cb914f6665d0e93f557859411d2e08b942316c09d7b07f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader

Vendor detections: 7

SHA256 hash: a97b7b2353dc9012b6cb914f6665d0e93f557859411d2e08b942316c09d7b07f
SHA3-384 hash: 49d7383cbc0c39a1a90f52f460edbf8df55a0c62e91ee9c2377d03af4205a56f5e9b4eee74858f3f9c597429d210f502
SHA1 hash: 55a1669550d823104e1452f0e6a0a94c3f7fae12
MD5 hash: e83a8a849188b48e79a6f49dd0c7ae91
humanhash: may-network-delaware-quiet
File name: xiynk.dll
Signature: ZLoader
File size: 364'544 bytes
First seen: 2020-06-26 08:42:42 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: 3e992137b4b72360676077caae312186 (3 x ZLoader)
ssdeep: 6144:IOA9EZXHHOsAFPtetI7AW7JOpoTIXbv6M19HBqxJPVZ5IebbnB:9A9EZZAFPtkI751OnrRbOJ1P
Threatray: 891 similar samples on MalwareBazaar
TLSH: C1746D2033B5442CF3574B3D88A2C2735999FD82D575BDEF30C12E8B64472D386A9B9A
Reporter: JAMESWT_WT
Tags: dll ZLoader

Intelligence

File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Threat name: Win32.Trojan.ZLoader
Status: Malicious
First seen: 2020-06-26 00:49:38 UTC
File Type: PE (Dll)
AV detection: 22 of 29 (75.86%)
Threat level: 5/5

Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader persistence
Behaviour:
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Runs net.exe
Discovers systems in the same network
Suspicious use of WriteProcessMemory
Modifies service
Suspicious use of SetThreadContext
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information
The table below shows additional information about this malware sample such as delivery method and external references.