MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca6b21a84c2afa90faf0d82248d08f627048602d103aa50c0d547fd0c96d3a98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader

Vendor detections: 7


SHA256 hash: ca6b21a84c2afa90faf0d82248d08f627048602d103aa50c0d547fd0c96d3a98
SHA3-384 hash: 7616a8d492e5bb16b00a6ef813964a424cab99ece8ef6e874eb28b51d5b5f577ef4f9777fa989cafdaadfe6304641c56
SHA1 hash: ecb3f1ba9256baa17c5551749182d41cbd3f53be
MD5 hash: 4193a2a9508a343c7be37782d7d1aeba
humanhash: ceiling-maryland-winner-virginia
File name: 4193a2a9508a343c7be37782d7d1aeba.dll
Signature: ZLoader
File size: 683'008 bytes
First seen: 2020-11-08 07:57:40 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: a310eaa686fb53b40a6bebdee4cffc98 (2 x ZLoader)
ssdeep: 12288:/SNqyfLwQuzEa3IjYVzP/pBSZ6mxcSi+NsC1lV+9Evu15Jajj9B:/i1Dwnn3/JgckNsQqEms
TLSH: 44E4E051BA92D479C02A4836CD54E8FE5A2ABE10EE745CE732C43F6F3E355404A3DA1B
Reporter: abuse_ch
Tags: dll ZLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 114
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file in the %temp% directory
Delayed writing of the file
Delayed reading of the file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 24 / 100
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2020-11-08 07:59:03 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: zloader
Score: 10/10
Tags: family:zloader botnet:dll26 campaign:dll26 botnet trojan
Behaviour
Suspicious use of WriteProcessMemory
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction: https://eecakesconf.at/web982/gate.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader

DLL dll ca6b21a84c2afa90faf0d82248d08f627048602d103aa50c0d547fd0c96d3a98 (this sample)

Delivery method: Distributed via web download

Comments