MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 badc87166cc28491dcae0164e7dc027aeb4b98eea5f765f776f58d8683cdec6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: badc87166cc28491dcae0164e7dc027aeb4b98eea5f765f776f58d8683cdec6a
SHA3-384 hash: f2c69387fa3baf17aa132fb7e52dc39d8e08917d60ea22473e72b85c947a35c2a47b954a6cedfd20fe7f0be07350753d
SHA1 hash: ab33331de0ab0f9dddb2b8eb8e4e8c92b18a9c61
MD5 hash: 96874e8ec64976899a1f7b90022f3e43
humanhash: four-glucose-black-equal
File name:entomology.srt
Download: download sample
Signature ZLoader
Create hunting rule
File size:230'744 bytes
First seen:2020-06-16 07:29:53 UTC
Last seen:2020-06-16 15:52:03 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash c56ea0f36b0a72751d5902f37565311d (1 x Gozi, 1 x ZLoader)
ssdeep 3072:XPbq/XSqcbXdOg9gkx/yrNPwwApe6eIDK+C9iKy6K7kDlUzYak6ve432+fGxsN5w:jqKDXdOAgUKXvji7oDvaNm4mSGqe9d
Threatray 53 similar samples on MalwareBazaar
TLSH 9234E0A1B98FCD2BCC316EBA9D7C495925D30D93277E808BE613A58C9497DBB5330207
Reporter JAMESWT_WT
Tags:dll ZLoader

Code Signing Certificate

Organisation:YIYEBWXQHAHXTYLOTE
Issuer:YIYEBWXQHAHXTYLOTE
Algorithm:sha1WithRSA
Valid from:Jun 14 19:26:50 2020 GMT
Valid to:Dec 31 23:59:59 2039 GMT
Serial number: -2CA223BBAFA27077B408C7B1EE203127
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 8375F57B296156411C7E41E1EDAE12E379CC1FAC85624CBFC55256A759BDF746
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10644/
Detection(s):
SecuriteInfo.com.Trojan.Inject3.42831.1079.24804.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Ransomware.WannaCry
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 01:13:56 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
zloader
Create hunting rule
Similar samples:
23843640cfae43671a48b17dc4fe585a8e37e3767039f82448077c5b54694a57
ZLoader
3712c1a9e9ab864ee28897d0802179db4a2f664f61629f1154437640be377530
ZLoader
431a34f1ab6dec2c646b408b9b5ce091882244fde39498484fc0c73390d8f7f0
ZLoader
5557fd15d615f360af1aefa6a7e2bed3382e26bdabb08d7e5a8f0f9387449f3a
ZLoader
6679da77917ddc1ab75c7f05dee0701d172ff0bfc6a7cd92d4c73a66c877a7d8
ZLoader
67b46301815d5ba32f90af114a459810902ba6d97a75821c8455b8103073b499
ZLoader
8a07427bbf6b92d273580d2806da69c0059aa574a63dad2bd061445c985d67be
ZLoader
c91229d90c423cd5b5bf870cec714e5c956058c62f4b2036607d44f1767c50d2
ZLoader
ca1b4e983030b69980269bb1335ba3baad6870024f564495ef99f5b98e4d07d3
ZLoader
eecaf5677c5c21d268261eef35a819549dda3c454e9b60e368070aa3bfd2f54c
ZLoader
+ 43 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
trojan botnet family:zloader
Link:
https://tria.ge/reports/200624-kkaldd3t8x/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Zloader, Terdot, DELoader, ZeusSphinx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10644/

Comments