MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22a0ceb74f566484220466e975d4fa835f4edf6279f9426f36498d8aa3337017. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 22a0ceb74f566484220466e975d4fa835f4edf6279f9426f36498d8aa3337017
SHA3-384 hash: 97e41aa60e86d7ccaf7a0687d63904aa82c6ddb4304e891483d13351b142743d84af17fcc6a24a38155735ee9db01656
SHA1 hash: 59bbd8de9de9f891adb73b4c5711cfb7a3073fa5
MD5 hash: 4bf3af70dcbddb2176b0bf611a8f945c
humanhash: alanine-kilo-alabama-mobile
File name:logs.php.bin
Download: download sample
Signature ZLoader
Create hunting rule
File size:376'833 bytes
First seen:2021-02-24 12:48:11 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 3bbba5126b337863d1df27ba463579e3 (2 x ZLoader)
ssdeep 6144:Oq0DP+KszP/GNG+GfBJx/3SDDrpXzA2IjGXnr7QIWx0rFHQhroo+0t:OqMPQzGNeXSDh8S3r7QIxr61Vt
Threatray 3 similar samples on MalwareBazaar
TLSH 1984D012351BD8B3CBEC01786DD1EA99472CBFD46B9DA2A731C835AF38C7B454269231
Reporter JasonMilletary
Tags:dll ZLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Zloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/118969/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a window
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/616688
Signature
Contains functionality to inject code into remote processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
zloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/22a0ceb74f566484220466e975d4fa835f4edf6279f9426f36498d8aa3337017/
Verdict:
malicious
Label(s):
zloader
Create hunting rule
Similar samples:
34aa0bd4dc61cca23b7950282df26ce2e16a339b2895add65d46e6d317a11fe1
ZLoader
5c5c8af2a703aa1842f4ce9f9e83aeeac0e2cc2d3ed1bf9f9ad72b7f77e89a42
ZLoader
8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2
ZLoader
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
family:zloader botnet:nut campaign:22/02 botnet trojan
Link:
https://tria.ge/reports/210224-bnwlrbqjt6/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blocklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://sanfilippowholesale.ca/post.php
https://veprotech.com/post.php
https://globalgroots.com/post.php
https://silicontradewind.com/post.php
https://dhyanalingagranites.in/post.php
https://onushondhanbarta.com/post.php
https://avcity.in/post.php
https://docapiridelli.ml/post.php
Unpacked files
SH256 hash:
009213997e92f5fb21619c10699205c97b9e87d17ca25fedb1e147d4de9ff3c6
MD5 hash:
62a840fef8fa6ea2d5a8eb79cd5dd838
SHA1 hash:
c210b09c84619286bf41a0f065448f2abcaa7183
Link:
https://www.unpac.me/results/942dcd29-45fc-468d-a856-f745ec01ab13/
SH256 hash:
22a0ceb74f566484220466e975d4fa835f4edf6279f9426f36498d8aa3337017
MD5 hash:
4bf3af70dcbddb2176b0bf611a8f945c
SHA1 hash:
59bbd8de9de9f891adb73b4c5711cfb7a3073fa5
Link:
https://www.unpac.me/results/942dcd29-45fc-468d-a856-f745ec01ab13/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/118969/

Comments


Avatar
Jason Milletary commented on 2021-02-24 12:49:38 UTC

h/t to https://twitter.com/James_inthe_box/status/1364275444988612609