MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3326d4607b164078735ee55313992c18e83e6b87b75faf350b8c61a99eb2b659. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: ZLoader
Vendor detections: 7

SHA256 hash: 3326d4607b164078735ee55313992c18e83e6b87b75faf350b8c61a99eb2b659
SHA3-384 hash: 22a045ec8380c9307042d4bdcceb1fef8dc907bff58cca5c9f0d908366fab43ddaf86b351c923f1be380b6e5d4d6528e
SHA1 hash: 363a23608cccc5d39393c51eb9570e624aef8558
MD5 hash: 3599f01a6162db10307b75c7132c06db
humanhash: white-charlie-fix-mirror
File name: 3599f01a6162db10307b75c7132c06db.dll
Signature: ZLoader
File size: 649,216 bytes
First seen: 2020-07-04 08:03:36 UTC
Last seen: 2020-07-04 08:41:49 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: a3c70c53662770049a946e3d13403827 (2 x ZLoader)
ssdeep: 12288:BBLIZWDR44fZdoTz0E1z/Y20Yq+Bc2OnjOjSxchYK4/cr:fIZWy4PoTl/YJX9cE/
Threatray: 110 similar samples on MalwareBazaar
TLSH: 67D4AF202F92C536F6BB0B358826C5309DACBE4595F489DF53D5760E16773C280BAF1A
Reporter: @abuse_ch
Tags: dll, ZLoader
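The hashes above are the only exact-match indicators a defender can apply offline with nothing but the standard library. The following is an added example, not code from MalwareBazaar or abuse.ch: it sweeps a directory for files matching this entry's SHA256/SHA1/MD5, using the listed file size and the `MZ` DOS header as cheap pre-filters so that only plausible PE candidates get hashed. The fuzzy hashes (imphash, ssdeep, TLSH) are deliberately left out because they need third-party libraries (`pefile`, `ssdeep`, `py-tlsh`). The `demo()` function builds a constructed, harmless `MZ`-prefixed file so the script runs without the real sample; all names and the test data are this example's own assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Cryptographic hashes copied from this MalwareBazaar entry.
# imphash, ssdeep and TLSH are not computed here: they need pefile,
# ssdeep and py-tlsh rather than the standard library.
ZLOADER_IOCS = {
    "sha256": "3326d4607b164078735ee55313992c18e83e6b87b75faf350b8c61a99eb2b659",
    "sha1": "363a23608cccc5d39393c51eb9570e624aef8558",
    "md5": "3599f01a6162db10307b75c7132c06db",
}
ZLOADER_SIZE = 649216  # file size from the entry, used as a cheap pre-filter


def is_pe(path):
    """True if the file starts with the 'MZ' DOS header (PE/DLL candidate)."""
    with open(path, "rb") as f:
        return f.read(2) == b"MZ"


def hash_file(path, chunk_size=1 << 20):
    """Return sha256/sha1/md5 hex digests, reading the file once in chunks."""
    hashers = {"sha256": hashlib.sha256(), "sha1": hashlib.sha1(), "md5": hashlib.md5()}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs):
    """Return the algorithms whose digest equals the IOC value.

    hexdigest() is always lowercase; IOC feeds sometimes ship uppercase,
    so the IOC side is normalised before comparing."""
    return sorted(algo for algo, value in iocs.items()
                  if digests.get(algo) == value.lower())


def scan_directory(root, iocs=ZLOADER_IOCS, expected_size=ZLOADER_SIZE, pe_only=True):
    """Walk root and return {path: [matching algorithms]} for files that match.

    Files whose size differs from expected_size (when given) or that lack an
    MZ header (when pe_only) are skipped before hashing, which keeps the scan
    cheap on large trees."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if expected_size is not None and path.stat().st_size != expected_size:
            continue
        if pe_only and not is_pe(path):
            continue
        matched = match_iocs(hash_file(path), iocs)
        if matched:
            hits[str(path)] = matched
    return hits


def demo():
    """Constructed demo (assumption, not real malware): a fake 'MZ' file is
    matched against IOCs derived from its own content. The real ZLoader IOCs
    produce no hit because the sample itself is not present."""
    with tempfile.TemporaryDirectory() as tmp:
        fake = Path(tmp) / "constructed.dll"
        fake.write_bytes(b"MZ" + b"\x00" * 62 + b"constructed test payload, not malware")
        real_hits = scan_directory(tmp, ZLOADER_IOCS, ZLOADER_SIZE)
        fake_iocs = hash_file(fake)
        fake_hits = scan_directory(tmp, fake_iocs, expected_size=None)
        return real_hits, fake_hits


if __name__ == "__main__":
    real, fake = demo()
    print("hits against the entry's IOCs:", real)
    print("hits against IOCs derived from the constructed file:", fake)
```

Exact hashes only catch this build; the 110 Threatray-similar samples noted above would need the ssdeep or TLSH values compared with their respective libraries, which is why the fuzzy hashes are listed on the entry alongside the cryptographic ones.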

Intelligence

File Origin
Uploads: 2
Downloads: 92
Origin country: FR

Mail intelligence
No data

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-04 08:05:04 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5

Result
Malware family: zloader
Score: 10/10
Tags: trojan, botnet, family:zloader, evasion, spyware
Behaviour:
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Modifies system certificate store
Blacklisted process makes network request
Suspicious use of NtCreateUserProcessOtherParentProcess
Family aliases: Zloader, Terdot, DELoader, ZeusSphinx

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Distributed via web download
Signature: ZLoader
File type: DLL
SHA256 hash: 3326d4607b164078735ee55313992c18e83e6b87b75faf350b8c61a99eb2b659 (this sample)
