MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3428603e92a29c1d256f2d0d3c74d8dd9f8ea3eb7f56cc5204ce035395c1e3e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3428603e92a29c1d256f2d0d3c74d8dd9f8ea3eb7f56cc5204ce035395c1e3e3
SHA3-384 hash: ae2f4574b816f61c6547e6cb8d5bfdc6c92f78a244462ee41338a67d774c6c3757214e79d2064fec0ae2f516194be665
SHA1 hash: b825619c830b8da429cc83f526d4b88867c6308f
MD5 hash: 97d3b83e66faa406dcc2ce87131edafc
humanhash: whiskey-coffee-video-solar
File name:zloader 2_1.0.11.1.vir
Download: download sample
Signature ZLoader
Create hunting rule
File size:451'584 bytes
First seen:2020-07-19 19:37:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 23218ebce6c3ad08ccfe066c07198368 (1 x ZLoader)
ssdeep 6144:P8xirOVecpRhPDnkSA36D/5u5QqB4/6UXiB4jkQ0tjNKM:/JmDnFA3e5u676AF4Fb
Threatray 104 similar samples on MalwareBazaar
TLSH 90A46A00A12AC578FAE541FA8FBA4DFCE71EE5E8830950C761D5D099626CBF53B37212
Reporter tildedennis
Tags:ZLoader zloader 2


Avatar
tildedennis
zloader 2 version 1.0.11.1

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Zloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/28293/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader32.44209.1693.21863.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/390435
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 247417 Sample: zloader 2_1.0.11.1.vir Startdate: 20/07/2020 Architecture: WINDOWS Score: 100 29 isfjiaaodwsoi.com 2->29 41 Antivirus / Scanner detection for submitted sample 2->41 43 Multi AV Scanner detection for submitted file 2->43 45 Detected unpacking (changes PE section rights) 2->45 47 3 other signatures 2->47 8 haeh.exe 2->8         started        11 zloader 2_1.0.11.1.exe 2->11         started        14 haeh.exe 2->14         started        signatures3 process4 dnsIp5 49 Antivirus detection for dropped file 8->49 51 Multi AV Scanner detection for dropped file 8->51 53 Detected unpacking (changes PE section rights) 8->53 57 2 other signatures 8->57 16 haeh.exe 8->16         started        35 1.0.11.1 CLOUDFLARENETUS China 11->35 55 Injects a PE file into a foreign processes 11->55 18 zloader 2_1.0.11.1.exe 11->18         started        21 haeh.exe 14->21         started        signatures6 process7 signatures8 37 Writes to foreign memory regions 18->37 39 Allocates memory in foreign processes 18->39 23 msiexec.exe 3 25 18->23         started        process9 dnsIp10 31 isfjiaaodwsoi.com 23->31 33 ifjedssofllvcr.com 23->33 27 C:\Users\user\AppData\Roaming\...\haeh.exe, PE32 23->27 dropped file11
Detection:
zloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/3428603e92a29c1d256f2d0d3c74d8dd9f8ea3eb7f56cc5204ce035395c1e3e3/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2020-01-16 07:34:00 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
zloader
Create hunting rule
Similar samples:
1130c38b05892129ef1a97693b0d3797a45ec69fe0d95bc28e4b09e3d4dd0e9c
ZLoader
15e6a048813e1fa7e06751b3cccd6125d7b8efb3ed160931213ac44eafa60807
ZLoader
30e772385fc3887fdd1ef1e358dc05cc83da655ecf53257800daf5d68ae430fd
ZLoader
4fb5e1b5eaa6a8f4ff3e80429adaa9f5af1dded814c724a7839f25636530d0e3
ZLoader
6576da1f0d0e8c2d7457c2898d0b8d2d7ad40527c60473910f86da6cf39c0951
ZLoader
bbbc1a46aa7998a12dc9b13c29b5204b784669e60d8bb1d05fbf2741abf68342
ZLoader
da550540689b015b44a2e03f37c23ed8c8730ccf9cb611490dc76a39782dce2b
ZLoader
edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55
ZLoader
eecaf5677c5c21d268261eef35a819549dda3c454e9b60e368070aa3bfd2f54c
ZLoader
fe6778684fe56f143efd0bfae3e127f0c615f11d47e302e68a9eb1f83f7a6511
ZLoader
+ 94 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
trojan botnet family:zloader persistence
Link:
https://tria.ge/reports/200719-pqqhq1gtva/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://ifjedssofllvcr.com/jbYm9bt/NlGkb4ivk.php
https://isfjiaaodwsoi.com/jbYm9bt/NlGkb4ivk.php
https://mslfiedjssfdes.com/jbYm9bt/NlGkb4ivk.php
https://sifeiwdjiesde.com/jbYm9bt/NlGkb4ivk.php
https://sldeodjiweiswi.com/jbYm9bt/NlGkb4ivk.php
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3428603e92a29c1d256f2d0d3c74d8dd9f8ea3eb7f56cc5204ce035395c1e3e3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/zloader 2/
Cape
Cape
https://www.capesandbox.com/analysis/28293/

Comments