MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf90fce260606f17508445c8347dc274157bd269c002fd705ab168be96f28538. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cf90fce260606f17508445c8347dc274157bd269c002fd705ab168be96f28538
SHA3-384 hash: fc42bd30c952870a3958ffb75190ea049abe6f3f9a493ce0ddbcb9d3e5b5f6045bead34c14b6d8df4d594e9b8a9cc054
SHA1 hash: 6e3bc68d2218ac23637b00df610c520772c736c5
MD5 hash: 1bf136992b6fcda92399bf6c65497b9a
humanhash: echo-oranges-nevada-two
File name:wp-keys_php
Download: download sample
Signature ZLoader
Create hunting rule
File size:494'592 bytes
First seen:2020-07-02 06:31:55 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 3557ba91f384305b69b2bc24cf61dc34 (2 x ZLoader)
ssdeep 12288:Ma5a4LLsVPBl+w1BCY8dGDAHtb3+Wa+k:MarX4Puw1B/kHtb3A+k
Threatray 128 similar samples on MalwareBazaar
TLSH 32B4BF213BE28035F2BF473A69768A318D6DBC8185349DCB67D2654F063B1C2D269F1B
Reporter JAMESWT_WT
Tags:ZLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/18290/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Detection:
zloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/cf90fce260606f17508445c8347dc274157bd269c002fd705ab168be96f28538/
Threat name:
Win32.Downloader.ZLoader
Create hunting rule
Status:
Malicious
First seen:
2020-07-01 23:19:00 UTC
File Type:
PE (Dll)
AV detection:
20 of 29 (68.97%)
Threat level:
  3/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z6ipzytambxroueeixedi7ocoqkxxutjyabp24c2wful5fxsqu4a._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
zloader
Create hunting rule
Similar samples:
1db7ceb7b49279e858080a8bd589773871542d86fcca980365fb20eb1fbbc1bf
ZLoader
3326d4607b164078735ee55313992c18e83e6b87b75faf350b8c61a99eb2b659
ZLoader
3bf8fbdad095013493d1b90f5c82880dc57145dfbb54fdf225ded88ba6b1618b
ZLoader
3dd800b875aa0ef2fa0923babdd4b162555a1c3ff3c58e9291d45fff82389816
ZLoader
5bbdd845eeb4c298a4edd8f578f4a832086559391ccb2e6e8b50b8c3c10b7fec
ZLoader
9c2ce7e11dbd811e2c3e001326f967a0457119b007baebc290e054fad52ea0f0
ZLoader
b715ce2fa69bc8384df1a4137b50bc30e05c0f3f557fe8608635744543b9976d
ZLoader
b7a306bd407cca438202bfb3b92abff60f959418c7fd129487a6510554ff5706
ZLoader
ca755b8915cb1025b4b5748e12cd7d3cbdccbcf90fd5986c911b066043d6d136
ZLoader
f28dd082013ee7df2f5956c4e8791e863e575aa64071af9a910826bc12d27acb
ZLoader
+ 118 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
trojan botnet family:zloader evasion spyware
Link:
https://tria.ge/reports/200702-7k787pd2ee/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Modifies system certificate store
Blacklisted process makes network request
Suspicious use of NtCreateUserProcessOtherParentProcess
Zloader, Terdot, DELoader, ZeusSphinx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/18290/

Comments