MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 28e752ad86f8f53773bb2e147c1366f5e82b5a8fd2cd80af065decea2e11f694. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 28e752ad86f8f53773bb2e147c1366f5e82b5a8fd2cd80af065decea2e11f694
SHA3-384 hash: 99ba939db67a59cd966101054bb56b1e2dede844eddb78a1b70eeb135631be6996136b9069243c27dd48900023792e84
SHA1 hash: d5795f51ec36ee0dabd073f694692e2aa507a04a
MD5 hash: 81baef090e5c513c1598c348d072ce96
humanhash: mirror-autumn-chicken-ack
File name: zloader 2_1.0.4.0.vir
Signature: ZLoader
File size: 307'200 bytes
First seen: 2020-07-19 17:29:50 UTC
Last seen: 2020-07-19 19:18:45 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: da6bf84fff1ec1dc82fb3a0741b23f19
ssdeep: 6144:ODRRTytCG2AD+dMLtfbPM+jf5nde+zDbf+qk7w:zCG2AKdMDPMMff+qkk
TLSH: 78646B643AA8CC75FD4602388E08E2BDA5277DA5BC2CB0D7F5D63F1F657E046802794A
Reporter: @tildedennis
Tags: ZLoader, zloader 2


Twitter (@tildedennis): zloader 2 version 1.0.4.0

Intelligence


File Origin
# of uploads: 2
# of downloads: 18
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
    Unauthorized injection to a recently created process
    Sending an HTTP GET request
    Creating a file in the %temp% subdirectories
    Reading critical registry keys
    Creating a file
    Deleting a recently created file
    Reading Telegram data
    Running batch commands
    Creating a process with a hidden window
    Launching a process
    Sending a TCP request to an infection source
    Stealing user critical data
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2019-12-26 04:40:01 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 2/5

Result
Malware family: zloader
Score: 10/10
Tags: trojan, botnet, family:zloader, persistence
Behaviour:
    Suspicious use of WriteProcessMemory
    Suspicious use of AdjustPrivilegeToken
    Suspicious use of SetThreadContext
    Adds Run key to start application
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
Extraction: http://roo.purcererya.org/tv/x.php
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments