MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2f0049cd462aa2fadc04698f15209d5f31c185d3b99f71e8f564f20ae9b9d51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader

Vendor detections: 8

SHA256 hash: d2f0049cd462aa2fadc04698f15209d5f31c185d3b99f71e8f564f20ae9b9d51
SHA3-384 hash: 46568c907bf07c7a7d4b6675cec32bdf4eaf3a4b60b6d11881ecf9df9941896fbd4de8215ef5b2bdaae8cda505f50da4
SHA1 hash: 95344d9e72b44332d169d23ea2a538057f231456
MD5 hash: 61312dc37b2ebdf09ddecf5084978343
humanhash: michigan-social-triple-freddie
File name: b3.dll
Signature: ZLoader
File size: 581'120 bytes
First seen: 2020-09-09 13:04:15 UTC
Last seen: 2020-09-09 13:34:58 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 58b7427958517b17dffa4a2114d8c2e4 (1 x ZLoader)
ssdeep: 6144:LXhlbaTbLY6VhaQOJz3utQQ24SQ5XvoNQ/JyRpYrCB:LXh5a7BV83utQQ24ZvorRpY
Threatray: 6 similar samples on MalwareBazaar
TLSH: D0C4A402FBD71F27CD9B3136845A2C77817BEE940799FA0746A9B944DAB03E93721207
Reporter: JAMESWT_WT
Tags: ZLoader

Intelligence

File Origin
# of uploads: 2
# of downloads: 99
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour
Sending a UDP request
Launching a process

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: n/a

Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2020-09-09 13:06:07 UTC
File Type: PE (Dll)
Extracted files: 26
AV detection: 23 of 29 (79.31%)
Threat level: 5/5

Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Suspicious use of NtCreateUserProcessOtherParentProcess
Zloader, Terdot, DELoader, ZeusSphinx

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments