MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df2524f89b7247e931a13644d2c00bbc94095eb8e4755a9db2421bd46f365f7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 5



SHA256 hash: df2524f89b7247e931a13644d2c00bbc94095eb8e4755a9db2421bd46f365f7c
SHA3-384 hash: 1e7a45a0a1f46b651bb6c49d697d247a7e2e5325482def9d2ef0cd3068a8db6e29c7ad05209c4f7a08b6e051cb6ce450
SHA1 hash: 5a71bf67f1df891e2886edccc9df1da3faae164f
MD5 hash: a901a382d4de283436600c283027f6b6
humanhash: idaho-five-crazy-finch
File name: loboa.bin
Signature: ZLoader
File size: 421'376 bytes
First seen: 2020-07-06 09:22:55 UTC
Last seen: 2020-07-06 09:58:01 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 611a3749bc3d8299ccccc0ea8b978ae6 (1 x ZLoader)
ssdeep: 12288:SxcP7Ru2aO4pfnBoAsS2ItjEKbr38dqrr:SxA7papnBDarAr3sq
Threatray: 135 similar samples on MalwareBazaar
TLSH: 3494C021B691D43AC44B25B88D16C2BC0EA8BCA4EE64DDD737D89F9F6F201D1DA35342
Reporter: JAMESWT_WT
Tags: ZLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-07-01 23:53:15 UTC
File Type: PE (Dll)
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader evasion spyware
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Modifies system certificate store
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
