MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c909c534b06661fb51fe27c5752aa7eca1a240200d2ff9b2d49c7baf52f3ca16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments

SHA256 hash: c909c534b06661fb51fe27c5752aa7eca1a240200d2ff9b2d49c7baf52f3ca16
SHA3-384 hash: 182e28b40747269afc07ea4029baced555a7a43c18f27be8ef3b9917e1a0b683fdcb9298f37ed444fce15f0536178f2b
SHA1 hash: c3f82ccb40edb637de19e3d1a042e9c3aea3ec75
MD5 hash: 4fe27f904713fc19f81aae2897943002
humanhash: louisiana-happy-artist-triple
File name:c909c534b06661fb51fe27c5752aa7eca1a240200d2ff9b2d49c7baf52f3ca16
Download: download sample
Signature ZLoader
File size:593'408 bytes
First seen:2020-10-25 02:23:16 UTC
Last seen:2020-10-25 03:47:30 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 82bb4081b151512f3940b58f834946b5 (1 x ZLoader)
ssdeep 12288:EaQp6XB8xJSu2KNe+L83THUMgbP75eEKKJRuu88+bNkqWrnOA:EaQoXB8xJSDKNXI3T0MgDqKJHq1
TLSH 4AC4BE517882D03AE5BE4534CDA4E9FC166A7C51DF645CAB33D42F2F3A312C09A39A26
Reporter @tildedennis
Tags:ZLoader zloader 2


Twitter
@tildedennis
zloader 2 version 1.6.28.0

Intelligence


File Origin
# of uploads :
2
# of downloads :
97
Origin country :
FR FR
Mail intelligence
Gathering data
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Signature
A
b
c
d
e
f
i
l
M
n
o
r
S
t
u
V
Behaviour
Behavior Graph:
behaviorgraph top1 signatures2 2 Behavior Graph ID: 303546 Sample: FxhqYy2bZM Startdate: 25/10/2020 Architecture: WINDOWS Score: 48 14 Multi AV Scanner detection for submitted file 2->14 6 loaddll32.exe 1 2->6         started        process3 process4 8 rundll32.exe 1 6->8         started        10 rundll32.exe 6->10         started        12 rundll32.exe 6->12         started       
Threat name:
Win32.Trojan.ZLoader
Status:
Malicious
First seen:
2020-10-20 23:18:04 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
zloader
Score:
  10/10
Tags:
trojan botnet family:zloader spyware
Behaviour
Suspicious use of WriteProcessMemory
Discovers systems in the same network
Gathers network information
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Reads user/profile data of web browsers
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Suspicious use of NtCreateUserProcessOtherParentProcess
Malware Config
C2 Extraction:
https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php
https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php
https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php
Unpacked files
SH256 hash:
c909c534b06661fb51fe27c5752aa7eca1a240200d2ff9b2d49c7baf52f3ca16
MD5 hash:
4fe27f904713fc19f81aae2897943002
SHA1 hash:
c3f82ccb40edb637de19e3d1a042e9c3aea3ec75

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments