MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b715ce2fa69bc8384df1a4137b50bc30e05c0f3f557fe8608635744543b9976d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b715ce2fa69bc8384df1a4137b50bc30e05c0f3f557fe8608635744543b9976d
SHA3-384 hash: 948e2610c02a4eca6f7a2950bd273239631e129fcfea280cc6cd82e24683c14575247752735e969667f8a97bb67cb732
SHA1 hash: f152329df180bc65ea479502346d649b973449bc
MD5 hash: 51e92b188d28211c9d6930ee232c311b
humanhash: missouri-paris-cup-mango
File name:sample.bin
Download: download sample
Signature ZLoader
Create hunting rule
File size:368'640 bytes
First seen:2020-07-09 06:41:15 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 3431d030a6be8090ee0b5631072bfa95 (1 x ZLoader)
ssdeep 6144:fTlkO/kuDfFUiVXWD3hoVmRj5UMFObaa:filuDfumWDO0d0ba
Threatray 127 similar samples on MalwareBazaar
TLSH F774F122BEA0D474C008A57ECCA1C1FC5639BC50EF6464B739DD6F9FBB6329482B6251
Reporter JAMESWT_WT
Tags:dll ZLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/23424/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Creating a window
Running batch commands
Creating a process with a hidden window
Launching the process to interact with network services
Detection:
zloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/b715ce2fa69bc8384df1a4137b50bc30e05c0f3f557fe8608635744543b9976d/
Threat name:
Win32.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 06:43:03 UTC
File Type:
PE (Dll)
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
zloader
Create hunting rule
Similar samples:
0573d56a84aac658edac1e93d08390c1a8378ed2d801b2460ac89a8ef643eb7d
ZLoader
17ddc83d49b6cd1d511e8c5498c44d8b4bdbbb69b13011a180f8bded117ff2f7
ZLoader
1db7ceb7b49279e858080a8bd589773871542d86fcca980365fb20eb1fbbc1bf
ZLoader
455c21fbac342659cd4b5cc162772117cce60f6b59f04dba0dd4327868a428eb
ZLoader
5bbdd845eeb4c298a4edd8f578f4a832086559391ccb2e6e8b50b8c3c10b7fec
ZLoader
9c2ce7e11dbd811e2c3e001326f967a0457119b007baebc290e054fad52ea0f0
ZLoader
b7a306bd407cca438202bfb3b92abff60f959418c7fd129487a6510554ff5706
ZLoader
ca755b8915cb1025b4b5748e12cd7d3cbdccbcf90fd5986c911b066043d6d136
ZLoader
cf90fce260606f17508445c8347dc274157bd269c002fd705ab168be96f28538
ZLoader
e7f1b2d2601e9a6427a155a3599614c09c9edaae7eb8f10b81e1f3e117717157
ZLoader
+ 117 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
trojan botnet family:zloader evasion spyware
Link:
https://tria.ge/reports/200709-hnmb9rzswa/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Modifies system certificate store
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/DynamicAnalysis/status/1280892126428114944?s=20
Cape
Cape
https://www.capesandbox.com/analysis/23424/

Comments