MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8cef342a47915615a35aab7333567db7c86570d4d3362470e19b6d0b3dab1af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b8cef342a47915615a35aab7333567db7c86570d4d3362470e19b6d0b3dab1af
SHA3-384 hash: db498874368175491141279fe91db30355cb177f293dac6f56f059b41dfb2ebeb32773bcf75997a96f94fbe13200b31c
SHA1 hash: 25fbe1ef6ed713011a02cd6fc930105d4f612130
MD5 hash: 086e1c7401f82543d162ebaef816ef35
humanhash: jupiter-six-xray-apart
File name:june30.dll
Download: download sample
Signature ZLoader
Create hunting rule
File size:621'568 bytes
First seen:2020-07-01 07:48:37 UTC
Last seen:2020-07-01 10:01:04 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 308141c79342b2d7737db8da0cb9ce22 (1 x ZLoader)
ssdeep 12288:p+gJA98D0ogyQT7x1wn6UIxsuAmHdbL69ZqQB02iMQ/t:pu8DRgHLC6UyzZWJB02iMQ/
Threatray 137 similar samples on MalwareBazaar
TLSH 14D47C01B6A1D038F4BF06F5497DE1AD582CBD905B6488DBB3C46EEF5A249D4AD30B23
Reporter JAMESWT_WT
Tags:dll ZLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/17610/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Detection:
zloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/b8cef342a47915615a35aab7333567db7c86570d4d3362470e19b6d0b3dab1af/
Threat name:
Win32.Trojan.ZLoader
Create hunting rule
Status:
Malicious
First seen:
2020-07-01 03:57:04 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xdhpgqvepekwcwrvvk3tgnlh3n6imvynjuzweryodg3nbm62wgxq._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
zloader
Create hunting rule
Similar samples:
26c6d799dffff9bc1a4a8eb24204bd91e4f1694014ba0d6557a0e3e20e64608e
ZLoader
280fedf6fd7e0964222ac9b21bcc289c222c7ea91d7bad6350741bdf8c1f0938
ZLoader
29c222f82d9db373ee755ac832c22540afb8f8708eafe8e96266a02b80759066
ZLoader
42bb5eae534eb2cea979c300b797a65febf291b28aea0b9d8bbea7d0a41bffa2
ZLoader
a81932797aa7e6324dc3390718163035c75620e6a0fa29c146c13c33b654a283
ZLoader
a97b7b2353dc9012b6cb914f6665d0e93f557859411d2e08b942316c09d7b07f
ZLoader
c8b452572f409a7d0752734334371c900983c8e15cbf8299bda7fe7a33a1047e
ZLoader
dd84bd6db3500e786976d5c10fd2388a46dd5c34f79abd5dff624b9a568637aa
ZLoader
df2524f89b7247e931a13644d2c00bbc94095eb8e4755a9db2421bd46f365f7c
ZLoader
f84e08a4d83f63cb37f7117f401c242ecbd3ebbd6b7a12fb99332bcf5950f803
ZLoader
+ 127 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
persistence spyware trojan botnet family:zloader
Link:
https://tria.ge/reports/200701-87235lf94e/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Runs net.exe
Discovers systems in the same network
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Modifies service
Reads user/profile data of web browsers
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader

DLL dll b8cef342a47915615a35aab7333567db7c86570d4d3362470e19b6d0b3dab1af

(this sample)

  
Link
http://205.185.125.104/files/june30.dll
  
URLhaus
https://urlhaus.abuse.ch/url/406767/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/17610/

Comments