MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1b349e159d5790a11fdb74b1f2311ac423557ecfad37d60ff3ef5219c5cee39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: c1b349e159d5790a11fdb74b1f2311ac423557ecfad37d60ff3ef5219c5cee39
SHA3-384 hash: 68f508c8fe51308e9a123909d0137a4f0510115c59b82b09dd4bb0ce28c737348486abfd4692fdf393a773cafd38be3b
SHA1 hash: 71a31271d24f0abf3d5a3905cf9bc0b4927cc937
MD5 hash: dfa117258a6d730b3bbec89013d7adeb
humanhash: charlie-monkey-wisconsin-alanine
File name: ZClient.exe
File size: 222'720 bytes
First seen: 2020-06-05 13:12:28 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2c6817070b1e9272fda06a39a69be7f6
ssdeep: 3072:NzAShQYYIpTS4lOSQc9g5kea60y2Zh1uEbIeEppTBfgUjPIc36l:RA5YYgTldUkV6ygEEeEppTBYUjP
Threatray: 33 similar samples on MalwareBazaar
TLSH: D7243B88FB8349F1FD6304F018EAE7BF5635B8058C36BE76DE49DD51BA729320915288
Reporter: amyajsoftitserv
Tags: malware Malware 2020 zlogame


amyajsoftitserv
https://zloemu.net/files/ZClient.exe

https://zlogames.ru/

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Ursu
Status: Malicious
First seen: 2020-06-03 15:39:23 UTC
AV detection: 10 of 31 (32.26%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Deletes itself
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c1b349e159d5790a11fdb74b1f2311ac423557ecfad37d60ff3ef5219c5cee39 (this sample)
Delivery method: Distributed via web download
