MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c140b009e1f5360dfa41c20dee364c1cd3a8576081582a7514d63405506e92d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 4



SHA256 hash: 4c140b009e1f5360dfa41c20dee364c1cd3a8576081582a7514d63405506e92d
SHA3-384 hash: a059e6d44a6ca7d49fa512ad20ea5007b11c1ea923579f418e7be4912f1e4894eea6e0d21ff518f6b0ed16e0aae8eca6
SHA1 hash: 11d15a7a774ae573beb19bf8c679e727c091d919
MD5 hash: 33ddd8c3de4e04952fc85088503b59bd
humanhash: triple-three-eighteen-oscar
File name: 33ddd8c3de4e04952fc85088503b59bd.dll
Signature ZLoader
File size: 376'609 bytes
First seen: 2020-10-18 06:28:14 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
ssdeep 3072:Ow9Y2zTzsk7nw0WPV4CZZSj91H50Adp8j7Z2ZxSF/P5lGrdyPPz844r9dzdY5Zyc:Oj2z3niEj9ZqZ+S9MIP499bYutYShsmc
Threatray 18 similar samples on MalwareBazaar
TLSH 4384C343E9D70F74D2BD17F3CACD01298260815ACCA21E40B3791669E64BDC1F9FAA6D
Reporter abuse_ch
Tags: dll ZLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 150
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 23 / 100
Threat name: Win32.Trojan.Ranapama
Status: Malicious
First seen: 2020-10-18 06:30:07 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 4c140b009e1f5360dfa41c20dee364c1cd3a8576081582a7514d63405506e92d
MD5 hash: 33ddd8c3de4e04952fc85088503b59bd
SHA1 hash: 11d15a7a774ae573beb19bf8c679e727c091d919
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader

DLL dll 4c140b009e1f5360dfa41c20dee364c1cd3a8576081582a7514d63405506e92d

(this sample)

  
Delivery method
Distributed via web download
