MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c55e3938e9c2c9d00235d8ed87a55adc18fa1c6377a9ee0fd6212916c67d0020. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 4



SHA256 hash: c55e3938e9c2c9d00235d8ed87a55adc18fa1c6377a9ee0fd6212916c67d0020
SHA3-384 hash: fe70011a8eeb5242de8623ebdfabd76f03a1d4d64a6a64d8c48f124424a5d8745adbc695256290d85eec506562376d59
SHA1 hash: 53082a7fa62dc4fe54586df6a6e481fe8beca1aa
MD5 hash: 6501006a6d47bc73976db9f3385c3c46
humanhash: oscar-oranges-ohio-georgia
File name: spam20.dll
Signature: ZLoader
File size: 366'592 bytes
First seen: 2020-04-20 18:32:44 UTC
Last seen: 2020-04-20 21:00:03 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 83cf26ff3548456dc06a6d6d0227db78 (2 x ZLoader)
ssdeep: 6144:091kAIgU+wK4UrePimd2jGZFakdU8fLx1tK7IwyBfb7T0Y:090gUQe6dUFHU8pi6xb7T
Threatray: 51 similar samples on MalwareBazaar
TLSH: 5074C005B6E1C968E464587ADF2CD0FC164A3C90DF7065933AE2BF4F7BB02E19625722
Reporter: abuse_ch
Tags: dll ZLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-21 01:13:00 UTC
File Type: PE (Dll)
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader

DLL dll c55e3938e9c2c9d00235d8ed87a55adc18fa1c6377a9ee0fd6212916c67d0020

(this sample)

BLint


The following tables provide more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |

Reviews

| ID | Capabilities | Evidence |
|---|---|---|
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CreateProcessA |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess, KERNEL32.dll::LoadLibraryW, KERNEL32.dll::GetStartupInfoW, KERNEL32.dll::GetCommandLineA |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::GetFileAttributesA |
