MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 121d7fc3a0a43a6ef4b73f564175b92727281155b221ff6f34c00d73438b679e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 6



SHA256 hash: 121d7fc3a0a43a6ef4b73f564175b92727281155b221ff6f34c00d73438b679e
SHA3-384 hash: 352c5eaaff1ecdc1a39a647fb9edb3c5f1aea6bb7df0704d88bc63b2f99cd4aa99034ef46d512a481b3dab571a3596c1
SHA1 hash: 9a7738f3f73d78d9fe18ba5401081d27f4222c8d
MD5 hash: 9eea7a0571baf33fa6877e8f8ebb3ad7
humanhash: twenty-magnesium-fix-robin
File name: JEsNEuI.dll
Signature: ZLoader
File size: 364'544 bytes
First seen: 2020-06-26 08:42:30 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 3e992137b4b72360676077caae312186 (3 x ZLoader)
ssdeep: 6144:IOA9EZYHHOsAFPtetI7AW7JOpoTIXbv6M19HBqxJPVZ5IebbnB:9A9EZgAFPtkI751OnrRbOJ1P
Threatray: 211 similar samples on MalwareBazaar
TLSH: D6746D2033B5442CF3574B3D88A2C2735999FD82D575BDEF30C12E8B64472D386A9B9A
Reporter: JAMESWT_WT
Tags: dll ZLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Threat name: Win32.Trojan.ZLoader
Status: Malicious
First seen: 2020-06-26 00:30:43 UTC
File Type: PE (Dll)
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader persistence
Behaviour
Runs net.exe
Discovers systems in the same network
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies service
Suspicious use of SetThreadContext
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
