MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cad0968f5ab3bedeffef68bbe18f92946fb97967cef59970157029480ed15bb9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: cad0968f5ab3bedeffef68bbe18f92946fb97967cef59970157029480ed15bb9
SHA3-384 hash: 2f3cd4856607ec4a9f6b720fc1c2a50b97a8bfec08862d71a645b4e38dc875fab4293be04ba448ac4b8bb9e504934112
SHA1 hash: 369e3c4646a69b99a797e0e288fd3145e2a6f35a
MD5 hash: d91b498e5fc6c91e1e86b339407b58f7
humanhash: mike-papa-bravo-echo
File name:zloader 2_1.0.10.0.vir
Download: download sample
Signature ZLoader
File size:142'848 bytes
First seen:2020-07-19 19:50:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e4e0ea0662d52244c535e0fd3b19eb00
ssdeep 3072:XBkH2At/3YyzX2OpphkGYI+C9AwcOZBJ7zk:n6/IAFkCDc+BJ7w
TLSH DCD30785A51D1EA5DFC2A7368063637DC88BC0BEED70BB9387B29E51DD35039A9132C1
Reporter @tildedennis
Tags:ZLoader zloader 2


Twitter
@tildedennis
zloader 2 version 1.0.10.0

Intelligence


File Origin
# of uploads :
1
# of downloads :
32
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Kryptik
Status:
Malicious
First seen:
2020-01-13 07:15:00 UTC
AV detection:
22 of 30 (73.33%)
Threat level
  2/5
Result
Malware family:
zloader
Score:
  10/10
Tags:
persistence trojan botnet family:zloader
Behaviour
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
Extraction:
https://kdsidsiadsakfsas.com/gate.php
https://jdafiasfjsafahhfs.com/gate.php
https://dasifosafjasfhasf.com/gate.php
https://kasfajfsafhasfhaf.com/gate.php
https://fdsjfjdsfjdsjfdjsfh.com/gate.php
https://fdsjfjdsfjdsdsjajjs.com/gate.php
https://idisaudhasdhasdj.com/gate.php
https://dsjdjsjdsadhasdas.com/gate.php
https://dsdjfhdsufudhjas.com/gate.php
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments