MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1532b3d37ff2ec7d70d7f8037b8cdf843d3cdd24adf860f4251d045ddf9d47c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader

Vendor detections: 6



SHA256 hash: c1532b3d37ff2ec7d70d7f8037b8cdf843d3cdd24adf860f4251d045ddf9d47c
SHA3-384 hash: 60f41f3eb6fa9918208b4c85cf067c69da47a61e757f79ae740330de25472068cf4fedf0ac2c9986386b1f4333536e5d
SHA1 hash: 24695fee9af688864a789b0415c19918870fdff5
MD5 hash: 94fa4ef5c63b688a2813e95138198cb4
humanhash: orange-november-moon-artist
File name: july22.dll
Signature: ZLoader
File size: 404'480 bytes
First seen: 2020-07-25 00:14:52 UTC
Last seen: 2020-10-20 06:49:13 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 615cf2e278e0fbf3be9691e085d86dad (2 x ZLoader, 1 x IcedID)
ssdeep: 6144:VhLHWQz0GP/YR2rCnft7BdI7vHFtpuqVtT/C9KxwlfCokKYmT8SNhXDZi5121jYN:/WQz0GYX1dIbHF5V09TlfDTthXc5M1j
TLSH: 81845A0A7F04A4ABF697193D8E94F1F80E463C31AB5562F73AC05F4B76671473898A2C
Reporter: malware_traffic
Tags: dll ZLoader

Intelligence

File Origin
# of uploads: 3
# of downloads: 124
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100

Behaviour
Threat name: Win32.Trojan.ZLoader
Status: Malicious
First seen: 2020-07-25 00:16:06 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Verdict: unknown

Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader
Behaviour:
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Suspicious use of NtCreateUserProcessOtherParentProcess
Zloader, Terdot, DELoader, ZeusSphinx

Malware Config
C2 Extraction:
https://vlcafxbdjtlvlcduwhga.com/web/post.php
https://softwareserviceupdater3.com/web/post.php
https://softwareserviceupdater4.com/web/post.php
2b4@jfhu#sd43fd!42d

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: ZLoader
File type: DLL dll
SHA256: c1532b3d37ff2ec7d70d7f8037b8cdf843d3cdd24adf860f4251d045ddf9d47c (this sample)

Delivery method
Distributed via web download

Comments