MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c194e82e8a3ada40421b28e668c9135f09f9336732dc31053fc0cebf7be97564. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: c194e82e8a3ada40421b28e668c9135f09f9336732dc31053fc0cebf7be97564
SHA3-384 hash: 3358ee73680f448bad058845bb6c768e8bbd414f5e7fbbe2dc280871a224ca9a8965eba439f7cde61b43b55dca65b950
SHA1 hash: d6d5ea77c50e01a1472e8ea7dbd1380df65fe0b4
MD5 hash: d50829ab5499f6ec3a0829515db611d0
humanhash: river-lion-low-august
File name: sustenance.dll
File size: 538,456 bytes
First seen: 2020-06-10 16:48:59 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: 6e2c79651965eae219ba1dea95d4f3ca
ssdeep: 6144:CG/nMeCMDNS1wz3YpxG7Y2nwT6ESbgwZQ6gRPhkqNMyHMr+u/B:PfM8DNS1wkb52UNaQ5R5kqytr+u5
Threatray: 145 similar samples on MalwareBazaar
TLSH: B6B40261549BC41FED7095784D2D48223093AD933B7DCCCBE2A36A8CDE768B74729247
Reporter: JAMESWT_WT
Tags: dll, ZLoader

Code Signing Certificate

Organisation: BNOCWMCVUCKUBIUXNJ
Issuer: BNOCWMCVUCKUBIUXNJ
Algorithm: sha1WithRSA
Valid from: Jun 10 09:45:26 2020 GMT
Valid to: Dec 31 23:59:59 2039 GMT
Serial number: 50E4C4B8134DE8B947CE0AF410808957
Thumbprint algorithm: SHA256
Thumbprint: 4A45213A6D2256FA5D3A3B1F80B1EDE7A5F5B605EF2B0676259B0BF3E0E1A362
Source: ReversingLabs A1000 Malware Analysis Platform
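The certificate block above shows the three things a reviewer checks first: the issuer is the subject (the certificate is self-signed), the signature digest is SHA-1, and the validity runs for almost twenty years. The following Python is added here as an example; it is not code from MalwareBazaar or ReversingLabs. It locates the embedded Authenticode blob in a PE image using only the standard library, and scores certificate fields with those heuristics. The function names, the consonant-run and 39-month thresholds, and the in-memory PE used to exercise the locator are assumptions of this example, not facts from the entry.

```python
import struct
from datetime import datetime

# The time format MalwareBazaar prints for certificate validity, e.g. "Jun 10 09:45:26 2020 GMT".
CERT_TIME_FMT = "%b %d %H:%M:%S %Y GMT"


def locate_authenticode_blob(pe: bytes):
    """Return the raw PKCS#7 SignedData bytes referenced by a PE's security
    directory, or None when the image carries no embedded Authenticode
    signature. Stdlib-only header walk; only the first WIN_CERTIFICATE
    entry is returned."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image (no MZ header)")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                       # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                            # PE32: data directories start at +96
        nrva_off, dir_base = opt + 92, opt + 96
    elif magic == 0x20B:                          # PE32+: data directories start at +112
        nrva_off, dir_base = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if struct.unpack_from("<I", pe, nrva_off)[0] <= 4:
        return None                               # too few directory entries to hold SECURITY
    # Entry 4 is IMAGE_DIRECTORY_ENTRY_SECURITY; its "VirtualAddress" is a file offset, not an RVA.
    off, size = struct.unpack_from("<II", pe, dir_base + 4 * 8)
    if off == 0 or size == 0:
        return None
    length, _revision, cert_type = struct.unpack_from("<IHH", pe, off)   # WIN_CERTIFICATE header
    if cert_type != 0x0002 or off + length > len(pe):   # 0x0002 = WIN_CERT_TYPE_PKCS_SIGNED_DATA
        return None
    return pe[off + 8:off + length]


def _longest_consonant_run(name: str) -> int:
    """Length of the longest run of consonant letters; random strings score high."""
    run = best = 0
    for ch in name.upper():
        if ch.isalpha() and ch not in "AEIOUY":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def assess_signer(subject_org: str, issuer_org: str, algorithm: str, valid_from: str, valid_to: str):
    """Heuristic flags over the certificate fields shown on a MalwareBazaar entry.
    Returns a list of reason codes; an empty list means nothing stood out, which
    is not the same as the signature being trustworthy."""
    flags = []
    if subject_org.strip() == issuer_org.strip():
        flags.append("self_signed")               # nobody but the signer vouches for this identity
    if "sha1" in algorithm.lower() or "md5" in algorithm.lower():
        flags.append("weak_digest")               # SHA-1/MD5 are long deprecated for code signing
    start = datetime.strptime(valid_from, CERT_TIME_FMT)
    end = datetime.strptime(valid_to, CERT_TIME_FMT)
    if (end - start).days > 39 * 30:              # assumed threshold: publicly trusted code-signing certs are capped at 39 months
        flags.append("long_validity")
    name = subject_org.strip()
    if _longest_consonant_run(name) >= 5 or (name.isupper() and " " not in name and len(name) >= 12):
        flags.append("gibberish_subject")         # single-token, all-caps, unpronounceable org name
    return flags


def build_fake_signed_pe(der: bytes) -> bytes:
    """Construct a minimal, non-executable PE32 image whose security directory
    points at `der`, so locate_authenticode_blob() can be exercised offline.
    Constructed test vector for this example, not the sample on this page."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                            # e_lfanew: PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)  # i386, no sections, 224-byte optional header, DLL
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    cert_off = 512
    win_cert = struct.pack("<IHH", 8 + len(der), 0x0200, 0x0002) + der
    struct.pack_into("<II", opt, 96 + 4 * 8, cert_off, len(win_cert))   # SECURITY directory entry
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    return header.ljust(cert_off, b"\0") + win_cert


if __name__ == "__main__":
    page_flags = assess_signer("BNOCWMCVUCKUBIUXNJ", "BNOCWMCVUCKUBIUXNJ", "sha1WithRSA",
                               "Jun 10 09:45:26 2020 GMT", "Dec 31 23:59:59 2039 GMT")
    print("flags for the certificate on this entry:", page_flags)
    fake = build_fake_signed_pe(b"\x30\x03\x02\x01\x01")   # placeholder DER, not a real signature
    print("located blob:", locate_authenticode_blob(fake).hex())
```

On a real file, `locate_authenticode_blob(open(path, "rb").read())` yields the DER SignedData; `openssl pkcs7 -inform DER -print_certs` (or the `cryptography` package's `pkcs7.load_der_pkcs7_certificates`) turns it into the subject, issuer, algorithm and validity strings that `assess_signer` takes. A certificate that chains to a real CA can still be stolen or fraudulently issued, so treat an empty flag list as "nothing obvious", not as a clean bill.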

Intelligence

File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-10 16:50:10 UTC
File type: PE (Dll)
Extracted files: 13
AV detection: 23 of 31 (74.19%)
Threat level: 5/5

Result
Malware family: zloader
Score: 10/10
Tags: family:zloader, botnet:can1, campaign:vbsdll5, botnet, persistence, trojan
Behaviour:
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Adds Run key to start application
Family aliases: Zloader, Terdot, DELoader, ZeusSphinx

Malware Config
C2 extraction:
https://studentsclasses.com/post.php
https://booking-king.com/post.php
Please note that we are no longer able to provide a coverage score for VirusTotal.
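The C2 URLs and the hash set on this entry are the indicators most teams will actually consume. The following Python is added as an example and is not code from MalwareBazaar or any vendor named above. It turns the entry into two checks: one confirms that a file obtained elsewhere really is this sample by recomputing all four listed digests, the other sweeps proxy log lines for the two C2 URLs and, more loosely, any request to their hosts. The hash and URL values are the ones on this page; the log line layout, the log lines themselves and the function names are constructed for the example.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators copied from this MalwareBazaar entry.
SAMPLE_HASHES = {
    "md5": "d50829ab5499f6ec3a0829515db611d0",
    "sha1": "d6d5ea77c50e01a1472e8ea7dbd1380df65fe0b4",
    "sha256": "c194e82e8a3ada40421b28e668c9135f09f9336732dc31053fc0cebf7be97564",
    "sha3_384": "3358ee73680f448bad058845bb6c768e8bbd414f5e7fbbe2dc280871a224ca9a8965eba439f7cde61b43b55dca65b950",
}
C2_URLS = {
    "https://studentsclasses.com/post.php",
    "https://booking-king.com/post.php",
}
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}

# Constructed proxy log, assumed layout: "timestamp client method url status".
# Line 5 is a look-alike host and must NOT match: hosts are compared exactly, not by substring.
SAMPLE_LOG = [
    "2020-06-10T16:52:01Z 10.0.0.15 GET https://www.example.org/ 200",
    "2020-06-10T16:52:07Z 10.0.0.15 POST https://studentsclasses.com/post.php 200",
    "2020-06-10T16:52:09Z 10.0.0.15 POST https://booking-king.com/post.php 404",
    "2020-06-10T16:53:30Z 10.0.0.22 GET http://booking-king.com/index.html 200",
    "2020-06-10T16:54:00Z 10.0.0.15 POST https://studentsclasses.com.evil.test/post.php 200",
]


def compute_hashes(data: bytes) -> dict:
    """Digest the bytes the same four ways the entry lists (MD5, SHA1, SHA256, SHA3-384)."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def verify_sample(data: bytes) -> dict:
    """Return {algorithm: bool} telling which of the entry's digests the bytes match.
    A mismatch on one algorithm with matches on the others points to a copy/paste
    error in an IOC feed rather than a different file; all-False means a different file."""
    got = compute_hashes(data)
    return {name: got[name] == expected for name, expected in SAMPLE_HASHES.items()}


def scan_proxy_log(lines):
    """Flag log lines whose URL hits a C2 indicator.
    Returns (line_number, matched_indicator, match_kind) tuples, where match_kind is
    "exact_url" for the extracted C2 URL and "c2_host" for any other request to that host."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue                       # malformed line; skip rather than crash the sweep
        url = parts[3]
        host = (urlsplit(url).hostname or "").lower()
        if url in C2_URLS:
            hits.append((n, url, "exact_url"))
        elif host in C2_HOSTS:
            hits.append((n, host, "c2_host"))   # other paths or plain http on a C2 host still matter
    return hits


if __name__ == "__main__":
    import sys
    for n, ioc, kind in scan_proxy_log(SAMPLE_LOG):
        print(f"line {n}: {kind} {ioc}")
    if len(sys.argv) > 1:                  # optional: verify a local copy of the sample
        with open(sys.argv[1], "rb") as fh:
            print(verify_sample(fh.read()))
```

Matching on the full URL first and the bare host second keeps the two signals separate in the output: an exact hit on `post.php` is the extracted C2 check-in, while a host-only hit may be the same infrastructure serving something else and deserves a look rather than an automatic block. Hash verification on a sample pulled from another source is worth the few lines because IOC feeds do get truncated or mis-transcribed, and the sha3_384 value is the one most tooling never checks.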

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments