MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2
SHA3-384 hash: d5123f87dd0df2151084f74ea3dbc84e6180613a1e928731ed1494793d704fced9f9a855fb8c43000177cf2f97f6df38
SHA1 hash: 1fa892f9280708e7c82e958bec516bb2b09351f3
MD5 hash: d2852a3b2a20846528cec53426fd5f9c
humanhash: arizona-beer-equal-network
File name:8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2
Download: download sample
Signature ZLoader
Create hunting rule
File size:371'200 bytes
First seen:2021-02-14 14:12:14 UTC
Last seen:2021-02-14 15:53:30 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash ac24111956da8096856f399aab20c9c0 (1 x ZLoader)
ssdeep 6144:X5fVAHOvzY7zHY0Uxen/0TP1a2arz7JjOGG3v2WYXmpHdwpc2:X5wgmY0ZMTZIOGyv2WYWNdI
Threatray 2 similar samples on MalwareBazaar
TLSH 4B84CE107A90C0B2C49A5539CC64C2FD85AEBD61EF2985C3F6EC6F7F7B616D0463A206
Reporter tildedennis
Tags:ZLoader zloader 2


Avatar
tildedennis
zloader 2 version 1.8.29.0

Intelligence

File Origin
# of uploads :
2
# of downloads :
206
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/117078/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.45701045.20370.13097.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a file in the %AppData% subdirectories
Creating a window
DNS request
Sending a custom TCP request
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/607573
Signature
Contains functionality to inject code into remote processes
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2021-02-08 21:33:16 UTC
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rzinuujynqxsm6x26gsbtzcgpvrmahexatyoc7ckugenbqeqzcza._file
Verdict:
malicious
Label(s):
zloader
Create hunting rule
Similar samples:
34aa0bd4dc61cca23b7950282df26ce2e16a339b2895add65d46e6d317a11fe1
ZLoader
5c5c8af2a703aa1842f4ce9f9e83aeeac0e2cc2d3ed1bf9f9ad72b7f77e89a42
ZLoader
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
family:zloader botnet:kev campaign:08/02 botnet trojan
Link:
https://tria.ge/reports/210214-vw3zm8jwws/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blocklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://earfetti.com/post.php
https://evalynews.com/post.php
https://zeistatwalk.tk/post.php
https://spiraninendreamneu.tk/post.php
Unpacked files
SH256 hash:
53ebd97f9bf818a3641f51fc3bc0aa2c593b579c492eebf3b2f0df918c160f55
MD5 hash:
e14ce3b322918b56b575b696ecae6d2d
SHA1 hash:
11fb2a04daf206b23a3a04fb8899a79d6a48293a
Link:
https://www.unpac.me/results/2fc44ff3-d112-4cce-bc60-59ce86af9949/
SH256 hash:
8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2
MD5 hash:
d2852a3b2a20846528cec53426fd5f9c
SHA1 hash:
1fa892f9280708e7c82e958bec516bb2b09351f3
Link:
https://www.unpac.me/results/2fc44ff3-d112-4cce-bc60-59ce86af9949/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/zloader 2/
Cape
Cape
https://www.capesandbox.com/analysis/117078/

Comments