MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f1f00054377124affd8fb24f61b9a670858cc44282ffcf0341907f9dbcf1d51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3f1f00054377124affd8fb24f61b9a670858cc44282ffcf0341907f9dbcf1d51
SHA3-384 hash: ad46d86a4dd6f6e87081636b73f56803632e5a72ae3fd01e5ac1098a87fd633772af8b565eab5860dc859612a003d86b
SHA1 hash: ec557b336ff11e216c669cc29c90a9e74771ee00
MD5 hash: 613edea279057e441e911ce8d1a4b7c8
humanhash: floor-uranus-stairway-minnesota
File name:613edea279057e441e911ce8d1a4b7c8.dll
Download: download sample
Signature ZLoader
Create hunting rule
File size:365'912 bytes
First seen:2021-01-12 17:07:10 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 9f377d945db467e35cbad38db9412261 (2 x ZLoader, 2 x Gozi)
ssdeep 6144:JS/x8J7Dm1BHoxEw5VurWW+9to5oFzwqWF4:JS/aWBHoxEw5VfD9tRFzwfF4
TLSH 3F74CFD5EB342157C889CBF0FAEEA844702CDB56FC54C5E5CD20F62ACCD41CAA513A6A
Reporter abuse_ch
Tags:dll ZLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111537/
Detection(s):
SecuriteInfo.com.Mal.EncPk-APV.6508.945.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Delayed reading of the file
Delayed writing of the file
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
6 / 100
Link:
https://www.joesandbox.com/analysis/579243
Behaviour
Behavior Graph:
n/a
Detection:
zloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/3f1f00054377124affd8fb24f61b9a670858cc44282ffcf0341907f9dbcf1d51/
Threat name:
Win32.Trojan.GenCBL
Create hunting rule
Status:
Malicious
First seen:
2021-01-12 17:08:08 UTC
AV detection:
11 of 29 (37.93%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=h4pqabkdo4jev76y7mspmg42m4efrtcefax7z4buded7tw6pdviq._file
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
family:zloader botnet:googleaktualizacija campaign:googleaktualizacija2 botnet trojan
Link:
https://tria.ge/reports/210112-61vr6xa34n/
Behaviour
Suspicious use of WriteProcessMemory
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://iqowijsdakm.com/gate.php
https://wiewjdmkfjn.com/gate.php
https://dksaoidiakjd.com/gate.php
https://iweuiqjdakjd.com/gate.php
https://yuidskadjna.com/gate.php
https://olksmadnbdj.com/gate.php
https://odsakmdfnbs.com/gate.php
https://odsakjmdnhsaj.com/gate.php
https://odjdnhsaj.com/gate.php
https://odoishsaj.com/gate.php
Unpacked files
SH256 hash:
3f1f00054377124affd8fb24f61b9a670858cc44282ffcf0341907f9dbcf1d51
MD5 hash:
613edea279057e441e911ce8d1a4b7c8
SHA1 hash:
ec557b336ff11e216c669cc29c90a9e74771ee00
Link:
https://www.unpac.me/results/c9b755ff-ca61-46f5-866a-797c296edee9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/3f1f00054377124affd8fb24f61b9a670858cc44282ffcf0341907f9dbcf1d51

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_zloader_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:Zloader
Create hunting rule
Author:kevoreilly
Description:Zloader Payload

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader

DLL dll 3f1f00054377124affd8fb24f61b9a670858cc44282ffcf0341907f9dbcf1d51

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/952949/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/111537/

Comments