MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 959a3cd5e58c2bbbb4a5179e658f6193fd6cf8d5d5384b4e6dca12fa7cbc2c74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader
Vendor detections: 6



SHA256 hash: 959a3cd5e58c2bbbb4a5179e658f6193fd6cf8d5d5384b4e6dca12fa7cbc2c74
SHA3-384 hash: 207921aee0eb8f94b1f59fb10234994c9fcc7587176daa68b73233b0a96f5290baf165e00055ff4b63dfc2904c162340
SHA1 hash: 40c8a1193954077628c5f89ee5ce9687d9f6f6de
MD5 hash: 0c5dadf565b1b19b47cbe98266f91152
humanhash: carbon-magnesium-glucose-sweet
File name: BKiPsIo.dll
Signature: ZLoader
File size: 400'728 bytes
First seen: 2020-10-22 17:48:14 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: ee6a56090f6a1813e908f3cd4291ea6f (2 x ZLoader)
ssdeep: 3072:C05l6jCzk0HdKCKshhMy9eH4EiuWFbcaoOOK9LV+EcNsBQ9qRUVbomnN/:DnCE98sDXeHfijLo9qLV+yYqGjnN/
Threatray: 46 similar samples on MalwareBazaar
TLSH: 0E844F6759C3DF04D22E40FBC5FCAAB8133192380E9D4F29E75E48B5FA474992A8436D
Reporter: ffforward
Tags: dll NOPVNXSIGTCRPCCRUA signed sovietzloader ZLoader

Intelligence

File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Delayed writing of the file
Delayed reading of the file
Creating a window
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Behaviour
Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader
Behaviour
Suspicious use of WriteProcessMemory
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
Unpacked files
SHA256 hash: 959a3cd5e58c2bbbb4a5179e658f6193fd6cf8d5d5384b4e6dca12fa7cbc2c74
MD5 hash: 0c5dadf565b1b19b47cbe98266f91152
SHA1 hash: 40c8a1193954077628c5f89ee5ce9687d9f6f6de
SHA256 hash: e816468d3bdfd6e7df62b4a08ddc94066f7d660a71040aeaaf9455ed7e7d82ff
MD5 hash: 8c9a60612108a16a155b5127f93d05af
SHA1 hash: 126053237d410bacf789bfbdad9a06e346167983
Detections: win_zloader_auto
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Signature: ZLoader
File type: DLL dll
SHA256 hash: 959a3cd5e58c2bbbb4a5179e658f6193fd6cf8d5d5384b4e6dca12fa7cbc2c74 (this sample)

Comments