MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d6bc6e4160de2b643944978e6417707742e0d289dbf967bac789d79b67c920c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 9d6bc6e4160de2b643944978e6417707742e0d289dbf967bac789d79b67c920c
SHA3-384 hash: 5a837b220d4d9836190d8fb2856db006df4ac85c82452f2cd77cfe0ce61d5591172359a302cfc48186b6db3fc5cc4009
SHA1 hash: 1ee072c1103d0b1b2750284f4c9eb1686d86802c
MD5 hash: b1094a923b3d8b0f656150e958683ce6
humanhash: nine-delaware-pizza-indigo
File name: zloader_2.0.0.0.vir
Signature: Chthonic
File size: 392'192 bytes
First seen: 2020-07-19 19:25:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8fe562a90ba6ccd819043fa1a8482c6f
ssdeep: 6144:xHjZ2Is0JM0PYvA9A5nfYV79Xjy+o8OcxO4aaXkDrG1zzauIdKGxHBU9:xHjZ2yJM0PQASVIxXGPcUBaX9WFQ8HB2
TLSH: AB84BF107981803AC4B325754524E2B24DBD78710BB9DECF27D84ABA2F766C17739B2B
Reporter: @tildedennis
Tags: Chthonic, ZLoader


Reporter comment (Twitter, @tildedennis): zloader version 2.0.0.0

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 18
Origin country: FR

Mail intelligence: No data

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating a window
  Unauthorized injection to a recently created process
  Sending an HTTP GET request
  Creating a file in the %temp% subdirectories
  Reading critical registry keys
  Creating a file
  Deleting a recently created file
  Reading Telegram data
  Running batch commands
  Creating a process with a hidden window
  Launching a process
  Sending a TCP request to an infection source
  Stealing user critical data

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 96 / 100

Result
Threat name: Win32.Trojan.Emotet
Status: Malicious
First seen: 2017-11-26 06:18:03 UTC
AV detection: 25 of 30 (83.33%)
Threat level: 2/5

Result
Malware family: n/a
Score: 6/10
Tags: persistence
Behaviour:
  Suspicious behavior: MapViewOfSection
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Suspicious use of SetThreadContext
  Adds Run key to start application
  Deletes itself

Result
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.
