MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa240d61efeb769d33cc081f2086ae6b65cda847a80440c82d97867fd1fbd6ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fa240d61efeb769d33cc081f2086ae6b65cda847a80440c82d97867fd1fbd6ab
SHA3-384 hash: 4ffa8fec73ad72980318bf27cf98ba225e2faeacd1686f68f35035b4f3a63bd1a10600912e130aac6171ec23697e3139
SHA1 hash: 6bcfb4f6385a4a78d39514763ed203ec7d4dc59f
MD5 hash: 13b3e008d5b8996c34a9247fbc412aa9
humanhash: high-minnesota-india-berlin
File name:zte(1).dll
Download: download sample
Signature ZLoader
Create hunting rule
File size:484'864 bytes
First seen:2020-06-12 08:39:10 UTC
Last seen:2020-06-12 09:44:47 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 8576f2eda7a30aeed43fccdbadabc440 (16 x Gozi, 10 x ZLoader)
ssdeep 12288:T2s6153h0KPnJHFlswhjmoUYtIdySZYBk:TZ8VQ8jmotI2S
Threatray 138 similar samples on MalwareBazaar
TLSH D0A4D0E25940B2B0D14BC97E9420B1B681F97C2A7F549180F98B47B735372FAA994FC3
Reporter JAMESWT_WT
Tags:ZLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10007/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.ZLoader
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 08:38:09 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7isa2ypp5n3j2m6mbapsbbvonns43kchvacebsbns6dh7up322vq._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
zloader
Create hunting rule
Similar samples:
0eb381723057cbec531c209a0b5dca273d5c05ca5832b4d7baa2447d32e861cf
ZLoader
244bd22b299305418f66c5a6239c70bdc5eced7c0464210feaac591301241cd5
ZLoader
54fba19e9bdd0cdc7f3900f716e90dfa0f96c282c768747d667d2b227ccbe484
ZLoader
66d4f17726f5853e6127da6c02b6760f5cabbcf2793673d0db6b93517a537a78
ZLoader
8179cb45ba2d6df0d25f9e1f382c5b9e8b9b703e4404fa19a9002c78418dedea
ZLoader
8dbbc783a02a103f860b387d4c62c278b47c234e5ad4331eda1ba6ed7b06194f
ZLoader
8e8ac33ad3757a7f33a24efbe9ec50a57d33de94a99327fdc38a9d8c3b21ad9b
ZLoader
97acd15ebfaa1ac340cac6a4575d59d03ee08eb9b825eebf674d4ed123dd5667
ZLoader
98a58a4f1a0b1305c473eeafa6dac80c2e2edd7e8aa8fe6d32ccac81318de1e5
ZLoader
9ce2908edf0994f493926514628054634858340fb73f219c38c013f34dd9a429
ZLoader
+ 128 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
family:zloader botnet:bot5 campaign:bot5 botnet persistence trojan
Link:
https://tria.ge/reports/201109-pg6cpaqwna/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://militanttra.at/owg.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10007/

Comments