MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a876d95e8b8a431cfbc119986605e0393e5764f42f09193e94ca368908a3df38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 4



SHA256 hash: a876d95e8b8a431cfbc119986605e0393e5764f42f09193e94ca368908a3df38
SHA3-384 hash: db0b9790cf22dfa537f0eeca49ae580df69193579854f0759cd222754f5feef54f45eab395154cff1b0ddde546c65a28
SHA1 hash: 65756353afd8c0c0379c6113a87ad90514ec6f3e
MD5 hash: 2b9ef0e0b75ad0bf5c6c55f83d8a3130
humanhash: april-alabama-wisconsin-pasta
File name: zalfxuR.dll
Signature: ZLoader
File size: 642'560 bytes
First seen: 2020-10-26 23:17:32 UTC
Last seen: 2020-10-27 00:54:36 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 137bac18df4d4f8782f6b641b0285767 (1 x ZLoader)
ssdeep: 12288:vT0kurPXCLO1aglnaDd0N5ZlXB05hG8MPPN/gCRjBOq/Fx7iPVUQtb:vT0t7na50jshG8iP3lMgFx7Oh
TLSH: F8D4F1517B52E4B9E12E4938CD65E8FC562ABD06DE34889B34C03F6F3E321524B34E1A
Reporter: malware_traffic
Tags: dll SILENTNIGHT ZLoader

Intelligence

File Origin
# of uploads: 2
# of downloads: 110
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
  Sending a UDP request
  Creating a file in the %temp% directory
  Delayed writing of the file
  Delayed reading of the file

Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 84 / 100
Signature:
  Antivirus detection for URL or domain
  Binary contains a suspicious time stamp
  Contains functionality to inject code into remote processes
  Found C&C like URL pattern
  Machine Learning detection for dropped file
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file
  Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Threat name: Win32.Trojan.ZLoader
Status: Malicious
First seen: 2020-10-26 23:19:04 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5

Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader
Behaviour:
  Suspicious use of WriteProcessMemory
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of SetThreadContext
  Blacklisted process makes network request
  Zloader, Terdot, DELoader, ZeusSphinx
  Suspicious use of NtCreateUserProcessOtherParentProcess
Malware Config
C2 Extraction:
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: ZLoader
File type: DLL dll
SHA256: a876d95e8b8a431cfbc119986605e0393e5764f42f09193e94ca368908a3df38 (this sample)

Delivery method
Distributed via web download
