MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8a7600b813dbd100629f8353a30592f21163319ab6229b1b46c2693483b2ae1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 6



SHA256 hash: b8a7600b813dbd100629f8353a30592f21163319ab6229b1b46c2693483b2ae1
SHA3-384 hash: be6e39176558f054ed1d714ce3df6c03426523a0f897f550b8848ae8d1162914504030e3e0495f85ba526100e394beac
SHA1 hash: f8df53445ba6cacdc63c7b9d1c666fbcf97c54f7
MD5 hash: 21d81add38d164fcf3afac2d306163d4
humanhash: ink-north-four-stream
File name: Sample.bin
Signature: ZLoader
File size: 385'024 bytes
First seen: 2020-07-10 06:25:25 UTC
Last seen: 2020-07-10 07:14:11 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: c7aff45c438237a42f26705a0349b085 (1 x ZLoader)
ssdeep: 6144:ciGjekRGhs/YKMumqa9Hh2s7F+uU9G/u5JFAT9ENXw4chl3FcMChl7Akp9cOhnUa:cZKkRkuMumqa9VINPw9WGFahGkpBhYni
Threatray: 144 similar samples on MalwareBazaar
TLSH: 21848C613993C47DF21B5B7C4813C0BC2695BD139634B8E732EA1E4FDA639C24E60B66
Reporter: JAMESWT_WT
Tags: dll ZLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching a process
Creating a window
Threat name: Win32.Trojan.ZLoader
Status: Malicious
First seen: 2020-07-10 06:27:04 UTC
File Type: PE (Dll)
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Result
Malware family: zloader
Score: 10/10
Tags: evasion spyware trojan botnet family:zloader
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Modifies system certificate store
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
