MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66f49a261b6086dfdd1c3e2a21f7cb746aa35707490cbd64693d66383ba54c64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 66f49a261b6086dfdd1c3e2a21f7cb746aa35707490cbd64693d66383ba54c64
SHA3-384 hash: c24442cfdf141603d1e2ad34d49a51d3fffb29bcc9ba2344a7faaf94a69e933cd1460287ecc1641f491b03b76fbcb3d3
SHA1 hash: 48b9cbe0f6922d6c844ab7b7122bc0cd389bf711
MD5 hash: 33d2581d7d36acde729ce52c5d106d79
humanhash: aspen-romeo-angel-romeo
File name: zloader 2_1.0.15.0.vir
Signature: ZLoader
File size: 131'584 bytes
First seen: 2020-07-19 19:27:11 UTC
Last seen: Never
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: 318f9d9b26038fd22f8e887bf75745de
ssdeep: 3072:f9r5C53D8cD2blVIevrYc/vdDwfYX8D5/x6tT8Wfgpwylb:ft5C53D8ckM6sDW5g6yl
TLSH: 22D32702917CC138F950497919AE733F8E26862C79168F2EDB90C4949FFC6B1729F25E
Reporter: @tildedennis
Tags: ZLoader, zloader 2


Twitter (@tildedennis):
zloader 2 version 1.0.15.0

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 16
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour:
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source

Result
Threat name: ZLoader
Detection: malicious
Classification: troj
Score: 72 / 100

Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2020-02-05 02:44:43 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 2/5

Result
Malware family: zloader
Score: 10/10
Tags: trojan, botnet, family:zloader, persistence
Behaviour:
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Adds Run key to start application

Zloader, Terdot, DELoader, ZeusSphinx
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.
