MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb762227729d0faadc4c33a4a55b513673a9c76284773535b0e07d7e47d8413e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb762227729d0faadc4c33a4a55b513673a9c76284773535b0e07d7e47d8413e
SHA3-384 hash: 633535227e4c0bdf62698ab1702f72f92d3fbf89ce14836e4efb10bb6cc606544b88e5dece0be90a4897c9909bd97d31
SHA1 hash: 08aacb48ffcdc6b49af18d01155982984de230f7
MD5 hash: cde56cf0169830ee0059ee385c0c5eaf
humanhash: west-north-mirror-princess
File name:SecuriteInfo.com.Generic.mg.cde56cf0169830ee.29869
Download: download sample
File size:497'840 bytes
First seen:2020-05-05 18:43:27 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 5aea93441ad3d0a618b05bc5b3bc05ff
ssdeep 6144:o3uSkuqpikJJ0Zkt5GSd2OwuXz//71gJtpdY2/jF6qA6VSFzH0ZUH:vJuqIIoU5HdeuD//+3JcDqSFzz
Threatray 59 similar samples on MalwareBazaar
TLSH 78B412A37867DF7BCD9C0A75886CEEB48515C333A03681C433C84ED6A5ED4EF9A68245
Reporter SecuriteInfoCom

Code Signing Certificate

Organisation:LWLQKPPUVGXWVPSYTQ
Issuer:LWLQKPPUVGXWVPSYTQ
Algorithm:sha1WithRSA
Valid from:Jul 11 21:26:09 2019 GMT
Valid to:Dec 31 23:59:59 2039 GMT
Serial number: 409E34C17F6FAC8E4A1235AA5897ABC0
Thumbprint Algorithm:SHA256
Thumbprint: 0CDD7158D042EEAE0CD9E9919D5A8E417A91574DB9D77E7A9172CC393B1D7A0E
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.cde56cf0169830ee.29869.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Zloader
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 16:47:34 UTC
File Type:
PE (Dll)
Extracted files:
3
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
29bf6be1fa9e4b72bb9e2eeb8156ea1c03311d157d1bb28a0cea1328c6fd473d
39599008089755aa7cccb534b2c94ccb537f266018bb67ae3ed4b9f51c0a40b9
5ecdc843c22bf650e78bd9b4a533adabc49d0bfb8b183e9f1023862f1600ea8e
60544c6694620488b69e568b15c96b33971dd7343ba63da31f993332852871c2
81a9eb444ffc7c5a700d4da6198c2f929d0e312d38667b9d3e29740eccabca3f
8d5a770975e52ce1048534372207336f6cc657b43887daa49994e63e8d7f6ce1
92819abc5959ef5dcdec4ad5ffc638e8492d0deec4569fc9cef2501adec5474a
da550540689b015b44a2e03f37c23ed8c8730ccf9cb611490dc76a39782dce2b
e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448
edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55
+ 49 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
family:zloader botnet:05/05 campaign:https://rswtgmhf.pw/wp-config.php botnet trojan
Link:
https://tria.ge/reports/201109-p28jm7xbtn/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://fwgdhdln.icu/wp-config.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll cb762227729d0faadc4c33a4a55b513673a9c76284773535b0e07d7e47d8413e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/358431/
  
Delivery method
Distributed via web download

Comments