MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7f1b2d2601e9a6427a155a3599614c09c9edaae7eb8f10b81e1f3e117717157. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 1 File information 1 Yara 1 Comments

SHA256 hash: e7f1b2d2601e9a6427a155a3599614c09c9edaae7eb8f10b81e1f3e117717157
SHA3-384 hash: 97de2da3028bfd37bf5995f0f1ade2aaa294d9bed98a62c4de31437ec3f2e4044af26c59265e8d064cf8627d11a3521b
SHA1 hash: 403c6a9e7159480ba75f4250f2d946226de92d4b
MD5 hash: a37a8840e9e8d07c73861a1353013ba2
humanhash: winner-johnny-florida-delta
File name:SecuriteInfo.com.Win32.Kryptik.HENB.18157
Download: download sample
Signature ZLoader
File size:592'896 bytes
First seen:2020-06-30 03:36:52 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 7af8fa00ad6b21ee3cbd72c090c0bdaf
ssdeep 12288:AbQJGj68MhvrWZ0b/lyNLFMpZF6D1+FVoeTmuMsxJWjj7E2K9:AbQJs68+PgNB4v6O1TmMxgjj7nK
TLSH 6EC49D01B690D138F4FB45B49A76C1ADAA387D605B3488CBB7C52E9F5B246E0ED31713
Reporter @SecuriteInfoCom
Tags:ZLoader

Intelligence


Mail intelligence No data
# of uploads 1
# of downloads 33
Origin country US US
CAPE Sandbox Detection:n/a
Link: https://www.capesandbox.com/analysis/16751/
ClamAV SecuriteInfo.com.Win32.Kryptik.HENB.18157.UNOFFICIAL
PUA.Win.Downloader.Aiis-6803892-0
CERT.PL MWDB Detection:zloader
Link: https://mwdb.cert.pl/sample/e7f1b2d2601e9a6427a155a3599614c09c9edaae7eb8f10b81e1f3e117717157/
ReversingLabs :Status:Malicious
Threat name:Win32.Trojan.Kryptik
First seen:2020-06-30 03:38:05 UTC
AV detection:17 of 31 (54.84%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:zloader
Link: https://tria.ge/reports/200630-a9v2wz3hds/
Tags:trojan botnet family:zloader evasion spyware
VirusTotal:Virustotal results 5.71%

Yara Signatures


Rule name:win_unidentified_023_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments