MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 a7f441793b5703b349ebb2509b6af1cdfdd8023d8e56f1f9a57b9d74e69bd9a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
ZLoader
Vendor detections: 6
| SHA256 hash: | a7f441793b5703b349ebb2509b6af1cdfdd8023d8e56f1f9a57b9d74e69bd9a9 |
|---|---|
| SHA3-384 hash: | bfee23ae4999b4a7c2f353c1cf79115bf969c5b0fc77328068935eda522cc0d6dc4eba922bee862725d10858bd3a2c11 |
| SHA1 hash: | d49602514b4e6e4a9d9c6d199c0db5ea64359256 |
| MD5 hash: | 4cff80780a5018036cd2a74d35abdc05 |
| humanhash: | quiet-mississippi-skylark-edward |
| File name: | microsoft_shared.dll |
| Download: | download sample |
| Signature | ZLoader |
| File size: | 587'096 bytes |
| First seen: | 2020-11-17 13:14:03 UTC |
| Last seen: | Never |
| File type: |  dll |
| MIME type: | application/x-dosexec |
| imphash | b006510502b78034afa7a18cfcc942a1 (1 x ZLoader) |
| ssdeep | 6144:7XHlYpXExB3qG+ac85oFNSw8wfzaOCA0yQu:zHlYp0xB3qLac85kSK70Bu |
| Threatray | 61 similar samples on MalwareBazaar |
| TLSH | FEC46394BD591260E5AD0E32364B39AB45CB3443FB77602626E73FE5E4B01B43DBA321 |
| Reporter |  nao_sec |
| Tags: | Malsmoke ZLoader |
Intelligence
File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a window
Creating a file in the %temp% directory
Delayed writing of the file
Delayed reading of the file
Threat name:
Win32.Trojan.ZLoader
Status:
Malicious
First seen:
2020-11-17 13:16:05 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
5/5
Verdict:
malicious
Label(s):
zloader
Similar samples:
+ 51 additional samples on MalwareBazaar
Result
Malware family:
zloader
Score:
10/10
Tags:
family:zloader botnet:googleaktualizacija campaign:googleaktualizacija2 botnet trojan
Behaviour
Suspicious use of WriteProcessMemory
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://iqowijsdakm.com/gate.php
https://wiewjdmkfjn.com/gate.php
https://dksaoidiakjd.com/gate.php
https://iweuiqjdakjd.com/gate.php
https://yuidskadjna.com/gate.php
https://olksmadnbdj.com/gate.php
https://odsakmdfnbs.com/gate.php
https://odsakjmdnhsaj.com/gate.php
https://odjdnhsaj.com/gate.php
https://odoishsaj.com/gate.php
https://wiewjdmkfjn.com/gate.php
https://dksaoidiakjd.com/gate.php
https://iweuiqjdakjd.com/gate.php
https://yuidskadjna.com/gate.php
https://olksmadnbdj.com/gate.php
https://odsakmdfnbs.com/gate.php
https://odsakjmdnhsaj.com/gate.php
https://odjdnhsaj.com/gate.php
https://odoishsaj.com/gate.php
Unpacked files
SH256 hash:
a7f441793b5703b349ebb2509b6af1cdfdd8023d8e56f1f9a57b9d74e69bd9a9
MD5 hash:
4cff80780a5018036cd2a74d35abdc05
SHA1 hash:
d49602514b4e6e4a9d9c6d199c0db5ea64359256
SH256 hash:
ee6586ccc4836da9c390bc94f105fbb79423cc53e87d215f892217f1cb0ef9fd
MD5 hash:
1c1bbab0b46d6821297737d8dba763c4
SHA1 hash:
a599cde03214b000379c5e3da5a0dc345d5f26f5
Detections:
win_zloader_auto
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
No further information available
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.