MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90394647034a0ebfcce39fb61261e2df0cfeddbcc9359cd432e6d800e6af3da6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 2



SHA256 hash: 90394647034a0ebfcce39fb61261e2df0cfeddbcc9359cd432e6d800e6af3da6
SHA3-384 hash: cfb5b728c8cd1c8d00629dda2d3c12798ecf63d91abc2595d5bcf9eca707bdbda100ce2d2806d90442ec1841dd426110
SHA1 hash: 97b9706aaf0d5173c4b26ed1252e047c27433f0f
MD5 hash: 6916f9817b4f36c6c0a01bf6ef7f8296
humanhash: friend-fix-coffee-thirteen
File name: JavaPlug-in.msi
Signature: ZLoader
File size: 4'451'328 bytes
First seen: 2021-03-20 02:53:03 UTC
Last seen: 2021-03-20 04:33:39 UTC
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 98304:FVKz7PzcuQv+CUUz1tu5ho7b+jtCOl27tzJ+zDoijD8RP3EJxl:HKzcuM+Qu3o3+jtjc7Ls1jDUP3E
Threatray: 1 similar samples on MalwareBazaar
TLSH: 69262332F9C0CE3ED7E7063594AED665963DFE145935881B93683C0E29724E113BB31A
Reporter: nao_sec
Tags: FakeInstaller Malsmoke

Intelligence


File Origin
# of uploads: 2
# of downloads: 235
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates connected drives
Loads dropped DLL
Blocklisted process makes network request
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader

Microsoft Software Installer (MSI) msi 90394647034a0ebfcce39fb61261e2df0cfeddbcc9359cd432e6d800e6af3da6

(this sample)
