MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c653365657fbf65429ad845d0a0d93106e972aca929739560ff4b4796bd2be08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 5



SHA256 hash: c653365657fbf65429ad845d0a0d93106e972aca929739560ff4b4796bd2be08
SHA3-384 hash: 2f956a326638423d6b394b714535f6af8e7ff3a5427dc27ea58b13ae1d336125e1ce28383ae7910a88f97cc488b9dff1
SHA1 hash: c51f2a884c024e442c1ae0d9bf9511c96a1fa02c
MD5 hash: f8a7273ef763776e5612ac1f47f6d405
humanhash: xray-tango-kitten-echo
File name: june9.dll
Signature: ZLoader
File size: 503'296 bytes
First seen: 2020-06-10 15:46:04 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 260441d5ca8d9f18f1b88c86dd5a5a50 (2 x ZLoader, 1 x Gozi)
ssdeep: 12288:uDKxKMk8ChMNo+e8kGOK9ab4ozUWdBENcYcj6D9r6W3FaOi:uDjMk8IMNYnGOSSjgW41QEv1aO
Threatray: 213 similar samples on MalwareBazaar
TLSH: E7B4D0D12A40B2B4E14F893D9421A07281BCBC652F14D4D1FA878BBB3A374FA9954FD7
Reporter: JAMESWT_WT
Tags: ZLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-10 15:44:06 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Result
Malware family: zloader
Score: 10/10
Tags: family:zloader botnet:june08 campaign:june botnet trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
http://snnmnkxdhflwgthqismb.com/post.php
http://nlbmfsyplohyaicmxhum.com/post.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader, DLL dll, c653365657fbf65429ad845d0a0d93106e972aca929739560ff4b4796bd2be08 (this sample)

Delivery method: Distributed via web download
