MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b2f8907da76b79748fc3d05e76fb0002baddca9b9e081c95770e345e8502af4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4b2f8907da76b79748fc3d05e76fb0002baddca9b9e081c95770e345e8502af4
SHA3-384 hash: d0bc8633f44cdd03e8c58df02fd4b1b166c65d4f3cbe1d0c16bc0dd637c299ba76bc8c2cde5cde32ceb75db2cf29dce8
SHA1 hash: 14f814993587906e8e24b710c3cbe5c06798851a
MD5 hash: fc7b58e72a78c221ccfb0832e6defd7e
humanhash: iowa-purple-twelve-uniform
File name:june25.dll
Download: download sample
Signature ZLoader
Create hunting rule
File size:364'544 bytes
First seen:2020-06-26 09:57:26 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 3e992137b4b72360676077caae312186 (3 x ZLoader)
ssdeep 6144:IOA9EZ9HHOsAFPtetI7AW7JOpoTIXbv6M19HBqxJPVZ5IebbnB:9A9EZrAFPtkI751OnrRbOJ1P
Threatray 211 similar samples on MalwareBazaar
TLSH FA746D2033B5442CF3574B3D88A2C2735999FD82D575BDEF30C12E8B64472D386A9B9A
Reporter JAMESWT_WT
Tags:dll ZLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/14838/
Detection(s):
SecuriteInfo.com.Win32.GenKryptik.ENDE.8741.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Detection:
zloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/4b2f8907da76b79748fc3d05e76fb0002baddca9b9e081c95770e345e8502af4/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 00:22:17 UTC
File Type:
PE (Dll)
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jmxysb62o23zosh4huc6o35qaav23xfjxhqidskxodrul2cqfl2a._file
Verdict:
unknown
Similar samples:
121d7fc3a0a43a6ef4b73f564175b92727281155b221ff6f34c00d73438b679e
ZLoader
24f25d0bca087db5a6a5733171d3cee1fbcacdfcb00ef5b7bf79ad6fe362b069
ZLoader
2e50f8b1d260cd858d97aff46f8c157b940d6db17673ec99f9304ac963f32473
ZLoader
2ea83d557d9b9fcfa771dda7bb75fadde4e7a3d7f4f66f3fef23ecf758f084c0
ZLoader
a97b7b2353dc9012b6cb914f6665d0e93f557859411d2e08b942316c09d7b07f
ZLoader
aa4fad19caeb7d4d9abd68155eee268619442c6cfc8a69c2bc337dd4efdf4b4d
ZLoader
c01176f8ccb757f80cb32c809cfe0ceec9e100b199d4beec5f92adb824517869
ZLoader
d6f693ed2b9d397d19ea2aca1eaadfacde19e8c89cad22edd2fff3885048ff7e
ZLoader
f4156e15b465020e6687a23a63eb4b7c84a18f90ead4665087c6c2e5a09b455d
ZLoader
ffaada37aa4934d94b43628a932058196e3e9d5b4375873fa440c8c2bde97326
ZLoader
+ 201 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
trojan botnet family:zloader
Link:
https://tria.ge/reports/200626-q9ftm1t1gx/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/14838/

Comments