MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8b452572f409a7d0752734334371c900983c8e15cbf8299bda7fe7a33a1047e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 4



SHA256 hash: c8b452572f409a7d0752734334371c900983c8e15cbf8299bda7fe7a33a1047e
SHA3-384 hash: 7373e246f8394246fc507797ae2a79f69c36d13d10fd57fd1cd4a2b00e0fe2c2ae1e8dbc4de6cb48da2de1222597f9ad
SHA1 hash: c85e06833ba3a037e3685dd05308ef98e2c72e82
MD5 hash: fc33761a594599efe5617c8359531b38
humanhash: washington-vegan-hawaii-lamp
File name: SecuriteInfo.com.Variant.Johnnie.255811.4892.11381
Signature: ZLoader
File size: 434'176 bytes
First seen: 2020-06-19 23:33:23 UTC
Last seen: 2020-06-22 07:21:01 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 991df9a4e85f5c69b2489b1877be1c8a (2 x ZLoader)
ssdeep: 6144:kQ0fpRug1NzpAhY2Zgi1ny2YT2oqCesyq+V6pDDW3FdREH5gH+xWz1:kQ0Rsg58Yti9y2voyskVmO3BlH+W
Threatray: 136 similar samples on MalwareBazaar
TLSH: 3E94E010FB02E03EE20FE53D5869C6B5C16E7D592A74188376EB8F873B23111DE75A26
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 2
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.ZLoader
Status: Malicious
First seen: 2020-06-19 22:15:45 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader

DLL dll c8b452572f409a7d0752734334371c900983c8e15cbf8299bda7fe7a33a1047e

(this sample)

  
Delivery method: Distributed via web download
