MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de0eea8bc0e496186731bd8f46f91ee535a76f97ada7840380902b6a97dbf1e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: de0eea8bc0e496186731bd8f46f91ee535a76f97ada7840380902b6a97dbf1e3
SHA3-384 hash: 47abf89aec159d8aac513abb2ce3ba4d0d775cb5c6673693edd4c360f6ebbb9fafc1d1549b35bfa2b29afc70b7abbf6d
SHA1 hash: e9f568ac46d96b099baace9495668288ebaad54e
MD5 hash: 00d27f790f830e1aadbb63716245a0f7
humanhash: bulldog-cardinal-uniform-avocado
File name:00d27f790f830e1aadbb63716245a0f7.dll
Download: download sample
Signature ZLoader
Create hunting rule
File size:439'640 bytes
First seen:2020-10-07 04:31:50 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 4fd12319308b8413e33cf68fb63d30b5 (9 x ZLoader)
ssdeep 6144:Ds3ToPMXLGnQE9NphY64U/jMIuxF8RrnFnknZn3nRmn/nlnenvnxnGn5nPYnhnp6:A3EPMbGnLphKeMIuxKRUW
Threatray 18 similar samples on MalwareBazaar
TLSH C0943E1ABCC04E9FD76A49B63DA41324169EED1D4751F10F87E4F662F0B0BF2AE90189
Reporter abuse_ch
Tags:dll ZLoader


Avatar
abuse_ch
ZLoader C2s:
fqnvtcpheas.su
fqnvtmqass.ru
fqnvsdaas.su
fqnesas.ru

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/483551
Signature
Allocates memory in foreign processes
Antivirus detection for URL or domain
Contains functionality to inject code into remote processes
Creates autostart registry keys with suspicious values (likely registry only malware)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/de0eea8bc0e496186731bd8f46f91ee535a76f97ada7840380902b6a97dbf1e3/
Threat name:
Win32.Trojan.ZLoader
Create hunting rule
Status:
Malicious
First seen:
2020-10-07 04:33:08 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3yhovc6a4slbqzzrxwhun6i64u22o34xvwtyia4asavwvf636hrq._file
Verdict:
malicious
Label(s):
zloader
Create hunting rule
Similar samples:
191bbf8eafbe5dfcf56bb139f36d44724bdb9fd1e708cd29dfd2d7b2b916f9f2
ZLoader
1aa9a36f8aef3a7e0d24920b0c5ba67e2b47b6d83a5db1df4570755776bbf08a
ZLoader
43793213377997037322e05eb5522a0509d45d55dbe634b957b66eea18f55aee
ZLoader
5694f91b4ded48c03a9a6d2be13f5d9300f873ee77ab4ac340facca786ef0f51
ZLoader
635643795ace3d11d9fcee724a6489deff5fd488005efe0ffe223b01c63109c6
ZLoader
782ea4a6943ceafa3d1133c5cbba0bbb6cdd88953ffae7ab89ac8a7f79101e0a
ZLoader
89fe58276e356b9cfff31829f346c90363f20dd9d981da2491db0b7c67f77e86
ZLoader
9fde971b9df0e8944242b3517e851447d1a2ab20e295d33c3355440bd24aad8a
ZLoader
c842217385fa1a9462274e21cdcc9af2c0560e9c307090e708377d5c897d36cb
ZLoader
e5b375e6bd13f3bcc93e3f8687dca2ee2a77adeb8e445d2758a6db3259d3834c
ZLoader
+ 8 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201007-492f5axfhn/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
de0eea8bc0e496186731bd8f46f91ee535a76f97ada7840380902b6a97dbf1e3
MD5 hash:
00d27f790f830e1aadbb63716245a0f7
SHA1 hash:
e9f568ac46d96b099baace9495668288ebaad54e
Link:
https://www.unpac.me/results/27cc2c17-d85c-49de-907b-fb0bfdc3175e/
SH256 hash:
ef55c9c1934a9303c48c97ce93c1c5d19a188bef94343a035b0e7086a1d29050
MD5 hash:
a17815ede336928e2924ee2ab97a6f7d
SHA1 hash:
627149ce9864d7d0df298b2ab731cf1d49cc1c03
Detections:
win_zloader_auto
Create hunting rule
Link:
https://www.unpac.me/results/27cc2c17-d85c-49de-907b-fb0bfdc3175e/
SH256 hash:
85985615670a60d3b7fc3b926019dd23e2e8197ef8b465f2b784e54114dd39df
MD5 hash:
268748886322eae710ff2c3ae269c524
SHA1 hash:
67621abd5e5ec079fbfeb744d7791d752fbbd050
Link:
https://www.unpac.me/results/27cc2c17-d85c-49de-907b-fb0bfdc3175e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/de0eea8bc0e496186731bd8f46f91ee535a76f97ada7840380902b6a97dbf1e3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_zloader_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader

DLL dll de0eea8bc0e496186731bd8f46f91ee535a76f97ada7840380902b6a97dbf1e3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/661272/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/68719/

Comments