MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8895213de00492d3755473bdc57627cdd9d90189b043f2a3dc7ae948d589eb1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8895213de00492d3755473bdc57627cdd9d90189b043f2a3dc7ae948d589eb1d
SHA3-384 hash: 87091e9588f9535459e041869dc5ead975ca60910eb0335cd0e467606fee75f42f2a44fef979ebe771d47199b5d778b1
SHA1 hash: 5afabf09b9ca6686cfa17c54b8e35c45c464f859
MD5 hash: 1960ee67cea7e2cdc6f417c9b065e387
humanhash: one-queen-colorado-pasta
File name:YTvxeyE.dll
Download: download sample
Signature ZLoader
Create hunting rule
File size:584'536 bytes
First seen:2020-10-20 10:20:45 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 1966de04a815924ba5cea559f565187e (1 x ZLoader)
ssdeep 6144:CACE98sDXeHfijLo9qLV+y58qGTOOU0qs4wLjqonWpWjaex:5CS6HQSm2qGK0EwLtWweO
Threatray 38 similar samples on MalwareBazaar
TLSH 5BC41A6368C3DF14D26E00F7C4FD69BC172186380E8C4F29EB5F88B6FA634593589669
Reporter ffforward
Tags:dll LRHOEUSYOEOXISTPKZ sovietzloader ZLoader

Code Signing Certificate

Organisation:LRHOEUSYOEOXISTPKZ
Issuer:LRHOEUSYOEOXISTPKZ
Algorithm:sha1WithRSA
Valid from:Oct 18 20:29:01 2020 GMT
Valid to:Dec 31 23:59:59 2039 GMT
Serial number: 6C684382AC08F1B7422AFC42FF77CA0B
Thumbprint Algorithm:SHA256
Thumbprint: A6C9A2DB88A3A0F9A2FC39DB8CACD8750BDD7C88128E466B433FD3E9D7EB91CD
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the %temp% directory
Delayed writing of the file
Delayed reading of the file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/497516
Signature
A
b
c
d
e
f
i
l
M
n
o
r
S
t
u
V
Behaviour
Behavior Graph:
Download SVG
Detection:
zloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/8895213de00492d3755473bdc57627cdd9d90189b043f2a3dc7ae948d589eb1d/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 10:22:05 UTC
File Type:
PE (Dll)
Extracted files:
33
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rckscppaasjng5kuoo64k5rhzxm5samjwbb7fi64pluurvmj5moq._file
Verdict:
malicious
Label(s):
zloader
Create hunting rule
Similar samples:
15737d37308fb5a8745afb8c34249e387bad9b1d001f2fcaa44b8c0333286861
ZLoader
43793213377997037322e05eb5522a0509d45d55dbe634b957b66eea18f55aee
ZLoader
5694f91b4ded48c03a9a6d2be13f5d9300f873ee77ab4ac340facca786ef0f51
ZLoader
635643795ace3d11d9fcee724a6489deff5fd488005efe0ffe223b01c63109c6
ZLoader
89fe58276e356b9cfff31829f346c90363f20dd9d981da2491db0b7c67f77e86
ZLoader
9fde971b9df0e8944242b3517e851447d1a2ab20e295d33c3355440bd24aad8a
ZLoader
b866a18458d22f3c362eb9db308ccbbe80ad1a1ef04d9f1c8ba6d3c66ccd4971
ZLoader
c842217385fa1a9462274e21cdcc9af2c0560e9c307090e708377d5c897d36cb
ZLoader
e5b375e6bd13f3bcc93e3f8687dca2ee2a77adeb8e445d2758a6db3259d3834c
ZLoader
eecaf5677c5c21d268261eef35a819549dda3c454e9b60e368070aa3bfd2f54c
ZLoader
+ 28 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201020-587p43qzcj/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
8895213de00492d3755473bdc57627cdd9d90189b043f2a3dc7ae948d589eb1d
MD5 hash:
1960ee67cea7e2cdc6f417c9b065e387
SHA1 hash:
5afabf09b9ca6686cfa17c54b8e35c45c464f859
Link:
https://www.unpac.me/results/3b14f2e8-7afa-444a-a33a-e6efca2791d1/
SH256 hash:
b93bbb99c93f2b4c3891850ff9748825c33d252afe1c2335cdd22ca142028217
MD5 hash:
4ade13a39c87a84b8ab3f5a8392a9b7f
SHA1 hash:
4c2c7e9401ea4d9f5ad8e12eff2b68625ec002df
Detections:
win_zloader_auto
Create hunting rule
Link:
https://www.unpac.me/results/3b14f2e8-7afa-444a-a33a-e6efca2791d1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8895213de00492d3755473bdc57627cdd9d90189b043f2a3dc7ae948d589eb1d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

ZLoader

Excel file xls e758b12ea734ee85058f8d42fc1dce15f535bda4ddff3b424c92fa617622a675

ZLoader

DLL dll 8895213de00492d3755473bdc57627cdd9d90189b043f2a3dc7ae948d589eb1d

(this sample)

  
Dropped by
SHA256 e758b12ea734ee85058f8d42fc1dce15f535bda4ddff3b424c92fa617622a675
Cape
Cape
https://www.capesandbox.com/analysis/73449/

Comments