MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8989c184174f25a13a23242d9e7d2c99f74ca9e283d1d4b1ad642bdcb89ba63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: c8989c184174f25a13a23242d9e7d2c99f74ca9e283d1d4b1ad642bdcb89ba63
SHA3-384 hash: d2be987d5d52fc341ec35dd575ce1d62c8d07e02c2f4150ca1b6eba7fdda32c7ae703f47830f9efd1ee6e80655ed1a14
SHA1 hash: 3dc020fcd29a968f05ff6626fd59e71d6f764ede
MD5 hash: 3a901555dbd9d6bc0df6a5283043676d
humanhash: floor-two-yankee-oscar
File name: zloader_1.16.11.0.vir
Signature: ZLoader
File size: 159'744 bytes
First seen: 2020-07-19 19:51:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: dd66069e9e138419372e41e3434a443e
ssdeep: 3072:hNe1RgMcA1PYiDkYvf0n4fw09VvoyHgWldrTqx:hNOfm2d47yHDn
TLSH: 27F3F1B37B892CB2F0FF06311A6789561D20B8F49F35E320B6914E5D6941EDECA1D322
Reporter: @tildedennis
Tags: ZLoader


Twitter (@tildedennis): zloader version 1.16.11.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 35
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2017-03-16 20:31:18 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments