MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c91229d90c423cd5b5bf870cec714e5c956058c62f4b2036607d44f1767c50d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	c91229d90c423cd5b5bf870cec714e5c956058c62f4b2036607d44f1767c50d2
SHA3-384 hash:	8d758285afdb8dff4047762f25ca955b7a596ea97ca2b8555aa48398237aecc76aa8137050f22326ebe36eabe6a1fcee
SHA1 hash:	5037543f108882d6a0d5b1907d125d40e4126e32
MD5 hash:	22c1b894002c6ffd1fdc2a75b48ddcda
humanhash:	mirror-autumn-bluebird-cardinal
File name:	SecuriteInfo.com.Generic.mg.22c1b894002c6ffd.12583
Download:	download sample
Signature	ZLoader Create hunting rule
File size:	740'352 bytes
First seen:	2020-08-27 20:32:56 UTC
Last seen:	2020-08-28 06:15:10 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	18e26404a606c740938b3a6583c1881d (1 x ZLoader)
ssdeep	6144:GuPnPogxyU47hhfJHOtrfIx2yDsOyXMPfMPTPtP/PvPxPLPLPVPbPPxPTPDpP/PY:G4A8h4l1Rmr02GsOynnx9VQ
Threatray	6 similar samples on MalwareBazaar
TLSH	81F4C815FE27D012CF4D173D8149EEB6D24F6C16EC8D86FC329D0198AF9A53B2A282D5
Reporter	SecuriteInfoCom
Tags:	bat1k3 dll ZLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

83

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Zloader

Link:

https://www.capesandbox.com/analysis/51933/

Detection(s):

SecuriteInfo.com.Generic.mg.22c1b894002c6ffd.12583.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Launching a process

Creating a window

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/453026

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

zloader

Link:

https://mwdb.cert.pl/sample/c91229d90c423cd5b5bf870cec714e5c956058c62f4b2036607d44f1767c50d2/

Threat name:

Win32.Trojan.Malrep

Status:

Malicious

First seen:

2020-08-27 19:43:07 UTC

AV detection:

19 of 28 (67.86%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=zejctwimii6nlnn7q4goy4kolskwawggf5fsantapvcpc5t4kdja._file

Verdict:

suspicious

Similar samples:

3712c1a9e9ab864ee28897d0802179db4a2f664f61629f1154437640be377530

4a98d46de3bd022d30b403013cd03c5142cf01341bf18e76e487311a8bbee252

6679da77917ddc1ab75c7f05dee0701d172ff0bfc6a7cd92d4c73a66c877a7d8

6943af74133b5003dd39c65473d54749c131536d8fd773801de2e80ede8e0c0a

d2f0049cd462aa2fadc04698f15209d5f31c185d3b99f71e8f564f20ae9b9d51

eecaf5677c5c21d268261eef35a819549dda3c454e9b60e368070aa3bfd2f54c

Result

Malware family:

zloader

Score:

10/10

Tags:

trojan botnet family:zloader

Link:

https://tria.ge/reports/200827-3skv3kjde2/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Suspicious use of NtCreateUserProcessOtherParentProcess

Zloader, Terdot, DELoader, ZeusSphinx

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c91229d90c423cd5b5bf870cec714e5c956058c62f4b2036607d44f1767c50d2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll c91229d90c423cd5b5bf870cec714e5c956058c62f4b2036607d44f1767c50d2

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/51933/

URLhaus

https://urlhaus.abuse.ch/url/445361/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/445363/

URLhaus

https://urlhaus.abuse.ch/url/445373/

URLhaus

https://urlhaus.abuse.ch/url/445375/

URLhaus

https://urlhaus.abuse.ch/url/445376/

URLhaus

https://urlhaus.abuse.ch/url/445840/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample