MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b5e50bc3077610128051bc3e657c3f0e331fb8fed2559c6596911890ea866ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 2b5e50bc3077610128051bc3e657c3f0e331fb8fed2559c6596911890ea866ba
SHA3-384 hash: 8be187644420a92ebd51587b508bc9f62121667c4628e1aa96ae4e546723473d2171aed779b56b495a5967f73d02d163
SHA1 hash: b4e7df23ccd50f4d136f66e62d56815eab09e720
MD5 hash: 6d2864f9d3349fc4292884e7baab4bcc
humanhash: sad-lemon-washington-spring
File name: zloader 2_1.2.22.0.vir
Signature: ZLoader
File size: 187'392 bytes
First seen: 2020-07-19 19:50:16 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: b75ad724d042de3da39482ba6cc804cb
ssdeep: 3072:V+EdIHvacHR4IJ1/eIvfHJKsopu5Zu1yiJ1nE8dFZfdcn0TctjCQ9gXaj0jjh3DL:V+aKvac72IfHJmpu5g1yUpE8dFZls0o6
TLSH: FE0427019864C130FD010070699EF77ECD6EC22E7B16AAABCB91D9945FD82F0757E61E
Reporter: @tildedennis
Tags: ZLoader zloader 2


Twitter
@tildedennis
zloader 2 version 1.2.22.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name: ZLoader
Detection: malicious
Classification: troj
Score: 72 / 100
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2020-04-07 18:14:06 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Zloader, Terdot, DELoader, ZeusSphinx
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments