MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15e9493c4f50b672fe801108d31ac6660d1d5787e0c71964a935a893aab12032. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 15e9493c4f50b672fe801108d31ac6660d1d5787e0c71964a935a893aab12032
SHA3-384 hash: 57ea93400c8fe33ca31a9d336aed8e8ca077192bb7ac8ee71cad6a6462382e71de4d8953c28125b4fee481cff09a5f78
SHA1 hash: 8e6e1b7fda10c521d277010021f62d6fe656ef46
MD5 hash: 41176e654dc58bce22ab124c9bba4bd2
humanhash: gee-autumn-nevada-pennsylvania
File name: zloader_1.18.3.0.vir
Signature: ZLoader
File size: 201'728 bytes
First seen: 2020-07-19 19:51:40 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 42ac19cae4619e3e8e6d94d5940553af
ssdeep: 3072:1Yp2y+gELTPqJnMvMyYOHlezmKCCY28SimX1hPs9MaPGF3zxrM9oV:1YpRinU4FYOHsmKCCQ9mXDmnG1drW
TLSH: F2149E4173E84C40F16967344893C5AA5A64BDA2CFA9D2CB7AC03E6F1C366D9DF34B42
Reporter: @tildedennis
Tags: ZLoader


Twitter (@tildedennis): zloader version 1.18.3.0

Intelligence
File Origin
# of uploads: 1
# of downloads: 38
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating a window
  Unauthorized injection to a recently created process
  Sending an HTTP GET request
  Creating a file in the %temp% subdirectories
  Reading critical registry keys
  Creating a file
  Deleting a recently created file
  Reading Telegram data
  Running batch commands
  Creating a process with a hidden window
  Launching a process
  Sending a TCP request to an infection source
  Stealing user critical data
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2017-10-16 20:08:00 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 2/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
  Suspicious use of WriteProcessMemory
  Suspicious behavior: MapViewOfSection
  Suspicious behavior: EnumeratesProcesses
Threat name: Unknown
Score: 1.00

File information
The table below shows additional information about this malware sample such as delivery method and external references.
