MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: ZLoader
Vendor detections: 10

SHA256 hash: 8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2
SHA3-384 hash: d5123f87dd0df2151084f74ea3dbc84e6180613a1e928731ed1494793d704fced9f9a855fb8c43000177cf2f97f6df38
SHA1 hash: 1fa892f9280708e7c82e958bec516bb2b09351f3
MD5 hash: d2852a3b2a20846528cec53426fd5f9c
humanhash: arizona-beer-equal-network
File name: 8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2
Signature: ZLoader
File size: 371'200 bytes
First seen: 2021-02-14 14:12:14 UTC
Last seen: 2021-02-14 15:53:30 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: ac24111956da8096856f399aab20c9c0 (1 x ZLoader)
ssdeep: 6144:X5fVAHOvzY7zHY0Uxen/0TP1a2arz7JjOGG3v2WYXmpHdwpc2:X5wgmY0ZMTZIOGyv2WYWNdI
Threatray: 2 similar samples on MalwareBazaar
TLSH: 4B84CE107A90C0B2C49A5539CC64C2FD85AEBD61EF2985C3F6EC6F7F7B616D0463A206
Reporter: @tildedennis
Tags: ZLoader, zloader 2


Twitter (@tildedennis): zloader 2 version 1.8.29.0

Intelligence


File Origin
# of uploads: 2
# of downloads: 177
Origin country: US
Mail intelligence: No data

Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Sending a UDP request
Launching a process
Creating a file in the %AppData% subdirectories
Creating a window
DNS request
Sending a custom TCP request
Unauthorized injection to a system process
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Contains functionality to inject code into remote processes
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2021-02-08 21:33:16 UTC
AV detection: 14 of 28 (50.00%)
Threat level: 5/5
Result
Malware family: zloader
Score: 10/10
Tags: family:zloader botnet:kev campaign:08/02 botnet trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blocklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://earfetti.com/post.php
https://evalynews.com/post.php
https://zeistatwalk.tk/post.php
https://spiraninendreamneu.tk/post.php
Unpacked files
SHA256 hash: 53ebd97f9bf818a3641f51fc3bc0aa2c593b579c492eebf3b2f0df918c160f55
MD5 hash: e14ce3b322918b56b575b696ecae6d2d
SHA1 hash: 11fb2a04daf206b23a3a04fb8899a79d6a48293a

SHA256 hash: 8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2
MD5 hash: d2852a3b2a20846528cec53426fd5f9c
SHA1 hash: 1fa892f9280708e7c82e958bec516bb2b09351f3

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments