MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90d088ada7c60c82a5881cc3dd095d8ede8b2086b4ed89fdb38872105e3c5bb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 90d088ada7c60c82a5881cc3dd095d8ede8b2086b4ed89fdb38872105e3c5bb4
SHA3-384 hash: 969161959ad2dda86d97d20451173675ed5c0cdc0cf5e0db86bd25559a442263fff8a11b6f471003027022e3e0ee9d58
SHA1 hash: 3fd655244f3f34e6ba521a848d8f4f9432b411ba
MD5 hash: bf8d4753868d237c311298047c46d857
humanhash: mike-william-thirteen-steak
File name:SecuriteInfo.com.Generic.mg.bf8d4753868d237c.26064
Download: download sample
Signature ZLoader
Create hunting rule
File size:430'080 bytes
First seen:2020-08-12 20:01:35 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 737f335876d82bfbe039ec86f20adbcb (1 x ZLoader)
ssdeep 6144:O8Rf9Tx6NR1TqQFJRAJF992dWwNVEHbE55eXf6ZXo+vHJyi25j7IolO:7zVe2Qk/uWVbE55eCZXoGH47
Threatray 27 similar samples on MalwareBazaar
TLSH CD94D0087DA49935C46E113E0952C0BA6735BC80EB2C4AD377CCBE6F2B535985A373E6
Reporter SecuriteInfoCom
Tags:ZLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Zloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/44525/
Detection(s):
SecuriteInfo.com.Generic.mg.bf8d4753868d237c.26064.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a window
Unauthorized injection to a system process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/423923
Signature
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Found C&C like URL pattern
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
zloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/90d088ada7c60c82a5881cc3dd095d8ede8b2086b4ed89fdb38872105e3c5bb4/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2020-08-12 18:46:58 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
33d4b93f27fa6d5f68443a35b0640269b3f6a1cfd8e0015361e462bc369b0133
ZLoader
4bb204a752ee73fefdf46ac94f93031fb67e8d25e1b7b6160550ed55bf0cdec8
ZLoader
54a1ff16fd63ead406eec7b18303d4998ff43c078dc8c4257d6ba593a3e3b24d
ZLoader
611a159dab9ea0c0c470015c31490e77c3b3be94447fa1b227ac148228cf17e3
ZLoader
65c58463eaf930808c036d35954159c0631961dfcc3abaac19b5ca9d6aabf2b3
ZLoader
8e58233566c9227207f1045843d90703dda7c509a2d4b39212916a84930a2e63
ZLoader
9a25a087142a27b94b10f71bbd87bccaae81535b28563c0ceb3a2ac17814373e
ZLoader
c08e4f1b081a4c270c9e71877232f983a47f148f214df1cb9ff5ef529ad0b848
ZLoader
e4cd1a415a00bc216e6e322c38bd3a14e42c7b96276edb093df5d558e3802088
ZLoader
fe6c0de1471535fb2fabb167f7dd8eceb587ee9fb1a873afea30453719c2b80f
ZLoader
+ 17 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
trojan botnet family:zloader persistence spyware
Link:
https://tria.ge/reports/200812-33gqq77g42/
Behaviour
Discovers systems in the same network
Gathers network information
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Suspicious use of SetThreadContext
Reads user/profile data of web browsers
Blacklisted process makes network request
Suspicious use of NtCreateUserProcessOtherParentProcess
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
http://softwareserviceupdater1.com/web/post.php
http://softwareserviceupdater2.com/web/post.php
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Nymaim
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/90d088ada7c60c82a5881cc3dd095d8ede8b2086b4ed89fdb38872105e3c5bb4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader

DLL dll 90d088ada7c60c82a5881cc3dd095d8ede8b2086b4ed89fdb38872105e3c5bb4

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/44525/
  
URLhaus
https://urlhaus.abuse.ch/url/431145/
  
Delivery method
Distributed via web download

Comments