MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89e83ef4b109f38ef1f9d8dd2ab6005426e2f24c5cf106717af3eb2bdb69c78e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 8



SHA256 hash: 89e83ef4b109f38ef1f9d8dd2ab6005426e2f24c5cf106717af3eb2bdb69c78e
SHA3-384 hash: aa20e0e8ce83a1e2a4a0b6078f6f315f2c9b45bf69deaaa71f7c341d1992514b4c5097676fde3d947c8a1d4f31d77b92
SHA1 hash: 6037c5618011853eb72a3bc1f80ff7189d8c9e98
MD5 hash: eda1efdb96d94d91a2f69f92da494777
humanhash: jupiter-sierra-nuts-potato
File name: QsMrQht.dll
Signature: ZLoader
File size: 400'216 bytes
First seen: 2020-10-21 17:58:59 UTC
Last seen: 2020-10-21 19:02:03 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 4b47d41eb37b31776fa9474f56b010cf (2 x ZLoader)
ssdeep: 3072:43l6jCzk0HdKCKshhMy9eH4EiuWFbcaoOOK9LV+EcNsBV9qRUVsNhm1:41CE98sDXeHfijLo9qLV+yJqG4Q1
Threatray: 45 similar samples on MalwareBazaar
TLSH: 7A844F6759C3DF04D23E40FBC5FCAAB8173182380E9D4F29E75E48B5FA474992A8426D
Reporter: ffforward
Tags: AHYKURGXLQFNQZUZJZ dll signed sovietzloader ZLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 106
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Delayed writing of the file
Delayed reading of the file
Sending a UDP request
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader
Behaviour
Suspicious use of WriteProcessMemory
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
Unpacked files
SHA256 hash: 89e83ef4b109f38ef1f9d8dd2ab6005426e2f24c5cf106717af3eb2bdb69c78e
MD5 hash: eda1efdb96d94d91a2f69f92da494777
SHA1 hash: 6037c5618011853eb72a3bc1f80ff7189d8c9e98
SHA256 hash: 1e9bdd0b3f7399bf80792f7df72a163e8bdf1274562bd0d38cd50236ba19ea37
MD5 hash: 908dbfb3a19ce3fa1cea8ff9975053f1
SHA1 hash: 5452a25a5c2a150b23392601fc9958291a541128
Detections: win_zloader_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: win_zloader_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Signature: ZLoader
File type: DLL dll
SHA256 hash: 89e83ef4b109f38ef1f9d8dd2ab6005426e2f24c5cf106717af3eb2bdb69c78e (this sample)