MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac431f62727dd999a3971e6e4914399333544dceabc787aacdf3b893519071b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader

Vendor detections: 6


SHA256 hash: ac431f62727dd999a3971e6e4914399333544dceabc787aacdf3b893519071b7
SHA3-384 hash: 6cbb5270127cab38781afe1c58a412e45c9e5641c93424239d15358948d57ef343bcc1ee11be58d569b3ad39fc5e0a1b
SHA1 hash: 62ea06044d79c9f2f2f434e912daa941cdabb282
MD5 hash: 579e082173d10f2c4879a5f42d808753
humanhash: texas-princess-orange-batman
File name: SecuriteInfo.com.Gen.NN.ZedlaF.34570.hv8@aKzgA6di.13927
Signature: ZLoader
File size: 1'169'920 bytes
First seen: 2020-10-22 12:06:48 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 19627cb436f84a78ee209769bd6188f1 (2 x ZLoader)
ssdeep: 24576:Z727PUky++IcuUpy6DV41veBDqQJyNlKLWyqc:Z727PUkyA1441veRqQJ6lK
TLSH: ED45F1627686E82AC12E8638CE84ECFC66567D099F685CD730C47F0F39378654F78A19
Reporter: SecuriteInfoCom
Tags: ZLoader

Intelligence

File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
Sending a UDP request
Creating a file in the %temp% directory
Delayed writing of the file
Delayed reading of the file

Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 6 / 100
Behaviour:
Behavior Graph: n/a

Threat name: Win32.Trojan.ZLoader
Status: Malicious
First seen: 2020-10-22 10:13:24 UTC
AV detection: 20 of 28 (71.43%)
Threat level: 5/5

Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader
Behaviour:
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Suspicious use of NtCreateUserProcessOtherParentProcess

Malware Config
C2 Extraction:
Unpacked files
SHA256 hash: ac431f62727dd999a3971e6e4914399333544dceabc787aacdf3b893519071b7
MD5 hash: 579e082173d10f2c4879a5f42d808753
SHA1 hash: 62ea06044d79c9f2f2f434e912daa941cdabb282

SHA256 hash: 0d0268ff31d9a61aef08e9781e78f62432f286f20ef0946650cbaceec8b518df
MD5 hash: ea75da741eb42bb9cb8408912838c291
SHA1 hash: 0e61a2aedad7b75ef3f1c39c02cba70413e032e7

Detections: win_zloader_auto

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download | ZLoader | DLL dll ac431f62727dd999a3971e6e4914399333544dceabc787aacdf3b893519071b7 (this sample)

Delivery method: Distributed via web download

Comments