MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d47eaed2c55f0a29653978c06b503538712938aaab171f4db3bee9b3adaf02f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 6



SHA256 hash: d47eaed2c55f0a29653978c06b503538712938aaab171f4db3bee9b3adaf02f7
SHA3-384 hash: c33b37012aa45c2da3a50003896edf010b7903ecb6add9494e2e136e0e5c3c4bddca5b68856a9c4b5ea9d5ba0fde78b3
SHA1 hash: 2dc6fcf00ab068449f553aa585a76d23c1ff5a6c
MD5 hash: 5a8263c98fe7859185bdabf2945649e9
humanhash: kansas-spring-ceiling-nuts
File name: 5a8263c98fe7859185bdabf2945649e9.dll
Download: download sample
Signature: ZLoader
File size: 439'640 bytes
First seen: 2020-10-07 04:32:16 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 4fd12319308b8413e33cf68fb63d30b5 (9 x ZLoader)
ssdeep: 6144:ws3ToPMXLGnQE9NphY64U/jMIuxF8RrnFnknZn3nRmn/nlnenvnxnGn5nPYnhnpW:P3EPMbGnLphKeMIuxKRV7
Threatray: 20 similar samples on MalwareBazaar
TLSH: 88943E1ABCC04E9FD76A49B63DA41324169EED1D4751F10F87E4F662F0B0BF2AE90189
Reporter: abuse_ch
Tags: dll ZLoader


abuse_ch
ZLoader C2s:
fqnvtcpheas.su
fqnvtmqass.ru
fqnvsdaas.su
fqnesas.ru

Intelligence


File Origin
# of uploads: 1
# of downloads: 103
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Signature
Antivirus detection for URL or domain
Creates autostart registry keys with suspicious values (likely registry only malware)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.ZLoader
Status:
Malicious
First seen:
2020-10-07 04:34:07 UTC
AV detection:
25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family:
n/a
Score: 1/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: d47eaed2c55f0a29653978c06b503538712938aaab171f4db3bee9b3adaf02f7
MD5 hash: 5a8263c98fe7859185bdabf2945649e9
SHA1 hash: 2dc6fcf00ab068449f553aa585a76d23c1ff5a6c
SHA256 hash: 38d5091aa0427ff34407b428d7ff680a785b76ece264d01ff9bdaa464ee417a7
MD5 hash: b4a8a15a3b45828f21eff7d892de459b
SHA1 hash: 717b3a380f45769f217e224c6dec821cef01bd51
SHA256 hash: ce7f5ae9237ddd86641e99a6f0cda1210489f67ddf207dcb0bf4aa7fe39da445
MD5 hash: 1e17f776f58768d2ec68c1dfb0f95a85
SHA1 hash: a71107037ec85023dfe577aa6076f7e17f68bf2d
Detections: win_zloader_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: win_zloader_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

Rule name: with_sqlite
Author: Julian J. Gonzalez <info@seguridadparatodos.es>
Description: Rule to detect the presence of SQLite data in raw image
Reference: http://www.st2labs.com

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: ZLoader
File type: DLL dll
SHA256: d47eaed2c55f0a29653978c06b503538712938aaab171f4db3bee9b3adaf02f7 (this sample)
Delivery method: Distributed via web download

Comments