MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86c37d778f584a2a3090ab170c8cd2fb3ddf952cde689b4c5a1efd74fc113a05. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: ZLoader
Vendor detections: 9



SHA256 hash: 86c37d778f584a2a3090ab170c8cd2fb3ddf952cde689b4c5a1efd74fc113a05
SHA3-384 hash: 450b9e3aec2d16d06da07d6849d9c0560eef29b4975b9a983169e9aba4fb3539cfc88ac14b5953f964aa66536a311cdf
SHA1 hash: 81618f8ecc48541c219aa974e4b16cab8f34203b
MD5 hash: 86cef6c066a05b3f67123fbf638b6b01
humanhash: wisconsin-quebec-edward-carbon
File name: JavaE.dll
Signature: ZLoader
File size: 286'664 bytes
First seen: 2021-08-05 07:30:30 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 08450bd1a68c8a3b0a810abf7bf95ef9 (1 x ZLoader)
ssdeep: 6144:JZSK5O1iiCZm6bVhmwcEVWxd5QLA7RzAorc/Sg/Gp9z:J52ZCZm6bVEwcW25QK+oriSg+L
Threatray: 86 similar samples on MalwareBazaar
TLSH: T18354AE61B28A4332C7DFC0B86D0FBAD63A2DED9E12BB5D1C5FB5915E42089DC940B12D
Reporter: nao_sec
Tags: exe Malsmoke ZLoader

Intelligence

File Origin
# of uploads: 1
# of downloads: 159
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: JavaE.dll
Verdict: No threats detected
Analysis date: 2021-08-05 07:21:17 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating a file in the %temp% directory
  Delayed reading of the file
  Delayed writing of the file
  Sending a UDP request

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file
Behaviour:
Behavior Graph:
Behavior Graph (ID 460253; sample JavaE.dll; start date 05/08/2021; architecture WINDOWS; score 48):
  Signatures: Multi AV Scanner detection for submitted file
  Process tree:
    loaddll32.exe
      iexplore.exe
        iexplore.exe
          geolocation.onetrust.com (104.20.184.68, ports 443, 49724, 49725; CLOUDFLARENETUS, United States)
          btloader.com (104.26.6.139, ports 443, 49728, 49729; CLOUDFLARENETUS, United States)
          5 other IPs or domains
      cmd.exe
        rundll32.exe
      rundll32.exe
      2 other processes
Threat name: Win32.Trojan.ZLoader
Status: Malicious
First seen: 2021-08-04 00:51:04 UTC
AV detection: 8 of 47 (17.02%)
Threat level: 5/5

Result
Malware family: zloader
Score: 10/10
Tags: family:zloader botnet:vasja campaign:vasja botnet trojan
Behaviour:
  Suspicious use of WriteProcessMemory
Also known as: Zloader, Terdot, DELoader, ZeusSphinx

Malware Config
C2 Extraction:
  https://iqowijsdakm.com/gate.php
  https://wiewjdmkfjn.com/gate.php
  https://dksaoidiakjd.com/gate.php
  https://iweuiqjdakjd.com/gate.php
  https://yuidskadjna.com/gate.php
  https://olksmadnbdj.com/gate.php
  https://odsakmdfnbs.com/gate.php
  https://odsakjmdnhsaj.com/gate.php
  https://odjdnhsaj.com/gate.php
  https://odoishsaj.com/gate.php

Unpacked files
SHA256 hash: 86c37d778f584a2a3090ab170c8cd2fb3ddf952cde689b4c5a1efd74fc113a05
MD5 hash: 86cef6c066a05b3f67123fbf638b6b01
SHA1 hash: 81618f8ecc48541c219aa974e4b16cab8f34203b
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments