MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15e9493c4f50b672fe801108d31ac6660d1d5787e0c71964a935a893aab12032. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader

Vendor detections: 7

SHA256 hash: 15e9493c4f50b672fe801108d31ac6660d1d5787e0c71964a935a893aab12032
SHA3-384 hash: 57ea93400c8fe33ca31a9d336aed8e8ca077192bb7ac8ee71cad6a6462382e71de4d8953c28125b4fee481cff09a5f78
SHA1 hash: 8e6e1b7fda10c521d277010021f62d6fe656ef46
MD5 hash: 41176e654dc58bce22ab124c9bba4bd2
humanhash: gee-autumn-nevada-pennsylvania
File name: zloader_1.18.3.0.vir
Signature: ZLoader
File size: 201'728 bytes
First seen: 2020-07-19 19:51:40 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 42ac19cae4619e3e8e6d94d5940553af (1 x ZLoader)
ssdeep: 3072:1Yp2y+gELTPqJnMvMyYOHlezmKCCY28SimX1hPs9MaPGF3zxrM9oV:1YpRinU4FYOHsmKCCQ9mXDmnG1drW
Threatray: 211 similar samples on MalwareBazaar
TLSH: F2149E4173E84C40F16967344893C5AA5A64BDA2CFA9D2CB7AC03E6F1C366D9DF34B42
Reporter: tildedennis
Tags: ZLoader


tildedennis
zloader version 1.18.3.0

Intelligence

File Origin
# of uploads: 1
# of downloads: 112
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2017-10-16 20:08:00 UTC
File Type: PE (Exe)
Extracted files: 31
AV detection: 25 of 28 (89.29%)
Threat level: 2/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses

Please note that we are no longer able to provide a coverage score for VirusTotal.
