MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30e772385fc3887fdd1ef1e358dc05cc83da655ecf53257800daf5d68ae430fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown

Vendor detections: 4



SHA256 hash: 30e772385fc3887fdd1ef1e358dc05cc83da655ecf53257800daf5d68ae430fd
SHA3-384 hash: 062ccdb524ace68554fa8360842d1ece29f60bce8e492ade4a580c6351cf3966ce73e1e48bf8078091c90c55fade288b
SHA1 hash: bee08a27d939c6d914d2c3494e689332bfa75821
MD5 hash: d1b4b311fd49c228ed5f66c72023fd8e
humanhash: winner-nineteen-oklahoma-harry
File name: earshot.dll
File size: 878'592 bytes
First seen: 2020-05-11 11:15:42 UTC
Last seen: 2020-05-11 12:05:46 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 6b281dd3c9122f7d81dbd1b0ea07bcc1
ssdeep: 6144:nhKCEGcZYnmy+9Mw6PeJ/Oubatb6pf4Pbjmr9UnbNzX:AClcZYn72hSS9gbNzX
Threatray: 84 similar samples on MalwareBazaar
TLSH: 0F15E5ACA74788E3E7753974A3D20E46561171E5F420088FB7BE2E1C5FA87A27C16EC4
Reporter: Racco42
Tags: dll

Intelligence


File Origin
# of uploads: 2
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-11 11:35:22 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 17 of 31 (54.84%)
Threat level: 2/5
Result
Malware family: zloader
Score: 10/10
Tags: family:zloader botnet:main campaign:26.04.2020 botnet persistence trojan
Behaviour:
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Adds Run key to start application
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://coult.org/sound.php
https://chorbly.org/sound.php
https://kodray.org/sound.php
https://retualeigh.com/sound.php
https://grually.com/sound.php
https://footmess.com/sound.php
https://rarigussa.com/sound.php
https://pacallse.com/sound.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments