MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a07427bbf6b92d273580d2806da69c0059aa574a63dad2bd061445c985d67be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8a07427bbf6b92d273580d2806da69c0059aa574a63dad2bd061445c985d67be
SHA3-384 hash: a9e55e07c6b36b7722ca68af93e453ca87623b47e9760b4eb2d736bcef5b34c36ae8f7c8735ed64df2b2833b69628077
SHA1 hash: 7f41a221d837dcfc7ba40fe7eefc8b439ec3f689
MD5 hash: 8a6c8bb0d5cea9c614368abf69d5ecc8
humanhash: cardinal-lithium-georgia-quebec
File name:8a07427bbf6b92d273580d2806da69c0059aa574a63dad2bd061445c985d67be
Download: download sample
Signature ZLoader
Create hunting rule
File size:461'656 bytes
First seen:2020-07-22 19:40:51 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 5ea1f7bf8cf11d7f5e0bc055abb63ab7 (1 x ZLoader)
ssdeep 12288:drPkuoNMqSEGnkiJtF//UiDjEE+of++WeGDL19z9ARi:tPku6rGnkiJ//M
Threatray 153 similar samples on MalwareBazaar
TLSH 82A4CF1526BB11ABFDE6427413690A76D027BE348A3E9C19D59033DA39FF8708634BD3
Reporter threathive
Tags:ZLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Zloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/31344/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/395428
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 249930 Sample: aWMkWJOAjB Startdate: 23/07/2020 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 loaddll32.exe 1 2->6         started        process3 process4 8 WerFault.exe 9 10 6->8         started       
Detection:
zloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/8a07427bbf6b92d273580d2806da69c0059aa574a63dad2bd061445c985d67be/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 04:59:12 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
zloader
Create hunting rule
Similar samples:
00272dd639402fa76db43207d074fe52d4849e5d46008f786b944a789b09afc2
ZLoader
0c8569e4304f46352b041dcb692f85c9e195130db2013d4f2216130603478035
ZLoader
23843640cfae43671a48b17dc4fe585a8e37e3767039f82448077c5b54694a57
ZLoader
25d19c2c3cb08b7634e2bc8ec87f05765bca558e74899c9e71e576d23cd70266
ZLoader
431a34f1ab6dec2c646b408b9b5ce091882244fde39498484fc0c73390d8f7f0
ZLoader
56f9b54e1e16887d66b8b9b7ea71d610951c18662a132cf7c9900d67b9745e81
ZLoader
5b831fb067dfb53992bb8a346e4fc038de6441a94ad5a3932dc8bd64f80e56fc
ZLoader
a2387ef5d3af113c8c902f478df1c2d7f7a7acf729873b13508c1f1915bf5000
ZLoader
b715ce2fa69bc8384df1a4137b50bc30e05c0f3f557fe8608635744543b9976d
ZLoader
dec5d4a8805defd810a545d6cb3e46cb7bb72a63f0d1c60cef82baf15bfad39b
ZLoader
+ 143 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
trojan botnet family:zloader persistence
Link:
https://tria.ge/reports/200722-rq5fzc6516/
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Adds Run key to start application
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8a07427bbf6b92d273580d2806da69c0059aa574a63dad2bd061445c985d67be

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
http://goodfoodserve.com/jly.dll
Cape
Cape
https://www.capesandbox.com/analysis/31344/

Comments