MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b270e245132cf6624fc96642532a00c0a16681f59542220ad2c389d45865141f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader

Vendor detections: 12



SHA256 hash: b270e245132cf6624fc96642532a00c0a16681f59542220ad2c389d45865141f
SHA3-384 hash: a48414a023165fa5f430f08da6c23f3cb861517679e1cc065875e832308a695f5a0160fc31038eae7504c9787d791929
SHA1 hash: 46396892b9cafb2e59b8f667ec7822d0435384bb
MD5 hash: a80859c1cd44daad1450948a1276bc0d
humanhash: solar-bulldog-four-lion
File name: b270e245132cf6624fc96642532a00c0a16681f59542220ad2c389d45865141f
Signature: ZLoader
File size: 305'152 bytes
First seen: 2021-03-28 01:33:55 UTC
Last seen: 2021-03-28 02:42:38 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 59690c603d08fbbc4dbba6c9f3250e8d (1 x ZLoader)
ssdeep: 6144:xF1V8YAbIgXuYAS53LcbJ2A0ZzbYhHqh69j:nu5dAc3QbJLdHC69
Threatray: 13 similar samples on MalwareBazaar
TLSH: 4254AE3120D2C7B9C143A6368870B6079F98ECF5757881CBFBDA657F17749E0623898A
Reporter: @tildedennis
Tags: ZLoader zloader 2


Twitter
@tildedennis
zloader 2 version 1.8.30.0

Intelligence


File Origin
# of uploads: 2
# of downloads: 199
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour: Sending a UDP request

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature: Machine Learning detection for sample; Multi AV Scanner detection for submitted file
Result
Threat name: Win32.Trojan.Mikey
Status: Malicious
First seen: 2021-03-22 18:32:28 UTC
AV detection: 12 of 27 (44.44%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour: Suspicious use of WriteProcessMemory

Unpacked files
SHA256 hash: 4d33e60bcdc7b4b18c745a4e6a179d7b23ec394afb652ede76098195f444e52e
MD5 hash: b9c56027cb699c9948ef1c85f8dace45
SHA1 hash: dc070aae414b59625c4d6b67d92625b8acfc57cf
Detections: win_zloader_auto

SHA256 hash: b270e245132cf6624fc96642532a00c0a16681f59542220ad2c389d45865141f
MD5 hash: a80859c1cd44daad1450948a1276bc0d
SHA1 hash: 46396892b9cafb2e59b8f667ec7822d0435384bb

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:WHITE rules are displayed.

Rule name: crime_win32_zloader_a0
Author: Rony (@r0ny_123)
Description: Detects Zloader Payload

Rule name: win_zloader_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

Rule name: Zloader
Author: kevoreilly
Description: Zloader Payload

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments