MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c909c534b06661fb51fe27c5752aa7eca1a240200d2ff9b2d49c7baf52f3ca16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Add tag Delete this sample Report a False Positive

SHA256 hash: c909c534b06661fb51fe27c5752aa7eca1a240200d2ff9b2d49c7baf52f3ca16
SHA3-384 hash: 182e28b40747269afc07ea4029baced555a7a43c18f27be8ef3b9917e1a0b683fdcb9298f37ed444fce15f0536178f2b
SHA1 hash: c3f82ccb40edb637de19e3d1a042e9c3aea3ec75
MD5 hash: 4fe27f904713fc19f81aae2897943002
humanhash: louisiana-happy-artist-triple
File name:c909c534b06661fb51fe27c5752aa7eca1a240200d2ff9b2d49c7baf52f3ca16
Download: download sample
Signature ZLoader
Create hunting rule
File size:593'408 bytes
First seen:2020-10-25 02:23:16 UTC
Last seen:2020-10-25 03:47:30 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 82bb4081b151512f3940b58f834946b5 (1 x ZLoader)
ssdeep 12288:EaQp6XB8xJSu2KNe+L83THUMgbP75eEKKJRuu88+bNkqWrnOA:EaQoXB8xJSDKNXI3T0MgDqKJHq1
TLSH 4AC4BE517882D03AE5BE4534CDA4E9FC166A7C51DF645CAB33D42F2F3A312C09A39A26
Reporter @tildedennis
Tags:ZLoader zloader 2


Twitter
@tildedennis
zloader 2 version 1.6.28.0

Intelligence

File Origin
# of uploads :
2
# of downloads :
97
Origin country :
FR FR
Mail intelligence
Gathering data
Vendor Threat Intelligence
Detection:
Zloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/75318/
Detection(s):
SecuriteInfo.com.W32.AIDetectVM.malware1.27392.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/508857
Signature
A
b
c
d
e
f
i
l
M
n
o
r
S
t
u
V
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 303546 Sample: FxhqYy2bZM Startdate: 25/10/2020 Architecture: WINDOWS Score: 48 14 Multi AV Scanner detection for submitted file 2->14 6 loaddll32.exe 1 2->6         started        process3 process4 8 rundll32.exe 1 6->8         started        10 rundll32.exe 6->10         started        12 rundll32.exe 6->12         started       
Detection:
zloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/c909c534b06661fb51fe27c5752aa7eca1a240200d2ff9b2d49c7baf52f3ca16/
Threat name:
Win32.Trojan.ZLoader
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 23:18:04 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
trojan botnet family:zloader spyware
Link:
https://tria.ge/reports/201025-rl8b8dmf26/
Behaviour
Suspicious use of WriteProcessMemory
Discovers systems in the same network
Gathers network information
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Reads user/profile data of web browsers
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Suspicious use of NtCreateUserProcessOtherParentProcess
Malware Config
C2 Extraction:
https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php
https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php
https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php
Unpacked files
SH256 hash:
c909c534b06661fb51fe27c5752aa7eca1a240200d2ff9b2d49c7baf52f3ca16
MD5 hash:
4fe27f904713fc19f81aae2897943002
SHA1 hash:
c3f82ccb40edb637de19e3d1a042e9c3aea3ec75
Link:
https://www.unpac.me/results/7ee488f1-cd02-441d-8d9f-9580540b35d6/
AV coverage:
6.56%
AV detections:
4 / 61
Link:
https://www.virustotal.com/gui/file/c909c534b06661fb51fe27c5752aa7eca1a240200d2ff9b2d49c7baf52f3ca16/detection/f-c909c534b06661fb51fe27c5752aa7eca1a240200d2ff9b2d49c7baf52f3ca16-1603226723
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c909c534b06661fb51fe27c5752aa7eca1a240200d2ff9b2d49c7baf52f3ca16

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/zloader 2/
Cape
Cape
https://www.capesandbox.com/analysis/75318/

Comments