MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5cba3f7da36c19bc48ceb0fd6424877d5659472fb2a19b7063e5b381aade699c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5cba3f7da36c19bc48ceb0fd6424877d5659472fb2a19b7063e5b381aade699c
SHA3-384 hash: 93d3b1e5028b686e07e93b5bb8d3bbc6753f2ccf4a4da6fba0faa66129d53ac6b27c9f54c86a7801134edba399e5746d
SHA1 hash: 2eed9c5a44fcc5cf3d3aca6c5839e4a842828c69
MD5 hash: ce2692dbfca48403373bc52d7a59365e
humanhash: solar-kilo-november-double
File name: zloader_1.18.1.0.vir
Signature: ZeuS
File size: 299'008 bytes
First seen: 2020-07-19 19:49:17 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a6452ba56e44e0da2f73c9bfb5ad4c2e
ssdeep: 6144:Gdy/15FpIopbbkJi9yBshTFDN/b1Rj7G1R+0ebjVaaeYacnNW:GdMvpTKBMTxRnGGnURYx
TLSH: 1254C01236E1C872E6E3027A0D8AC63AF3A2F6585F3185C37BC21B5D5B255D38B36356
Reporter: @tildedennis
Tags: ZeuS ZLoader


Twitter (@tildedennis): zloader version 1.18.1.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 43
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Trojan.Sennoma
Status: Malicious
First seen: 2017-06-05 06:37:00 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments