MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b0c5b4530a9218d6030a7040a10ea5be84ffa3696601732ee7212691521474f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader

Vendor detections: 9

SHA256 hash: 4b0c5b4530a9218d6030a7040a10ea5be84ffa3696601732ee7212691521474f
SHA3-384 hash: 3781c8daabbe2d165d1e6f1afb1e9306e8e1233d0b9f4af4163ddba4c93ce131030a1c9cbab08b46a25623c2436509df
SHA1 hash: 3c69e7dad2f0f4b6c5c7501b874744431ba7b88c
MD5 hash: afc9327807688d86aac574e7b9031dfb
humanhash: juliet-hamper-red-tennessee
File name: z2.bin
Signature: ZLoader
File size: 553'984 bytes
First seen: 2020-10-18 07:52:11 UTC
Last seen: 2020-10-18 08:38:07 UTC
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: 817ad5c7d6d3cf2acc5ed41281974ec5 (2 x ZLoader)
ssdeep: 12288:rGCtU0xHeIOnSwR1qN1jPOioYJFxPxq9GbXumsE7P1ZBfzNG7wYjjXkKjp:rGCtNx+IcHqnlcYZdZZ4j
TLSH: 2FC48C20B982D076E06E0639CC21E5FC46697C598F755DE7B2E82F2F2D364D29B30E16
Reporter: JAMESWT_WT
Tags: ZLoader

Intelligence

File Origin
# of uploads: 2
# of downloads: 159
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the %temp% directory
Delayed writing of the file
Delayed reading of the file
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph (ID 299752): sample z2.bin, start date 18/10/2020, architecture WINDOWS, score 52.
Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample.
Process tree: loaddll32.exe was started, which in turn started two rundll32.exe processes.
Threat name: Win32.Trojan.ZLoader
Status: Malicious
First seen: 2020-10-18 07:52:31 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Verdict: malicious
Label(s): zloader
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 8c3cad03d8a4f3ba84f7a0f597003dca83bcaad8e0e4c2476e25cd531eb31de0
MD5 hash: 2ed7e0ec8e509807d6b3a1c9a5141f38
SHA1 hash: 2e7ae87e218a3af17429f2fcba16450ff57c2c07
Detections: win_zloader_auto
SHA256 hash: 4b0c5b4530a9218d6030a7040a10ea5be84ffa3696601732ee7212691521474f
MD5 hash: afc9327807688d86aac574e7b9031dfb
SHA1 hash: 3c69e7dad2f0f4b6c5c7501b874744431ba7b88c
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments