MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de7da2ce5f2d7e5415bc3256cc5b7f97878ae9436497660b9add78829a8650cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: de7da2ce5f2d7e5415bc3256cc5b7f97878ae9436497660b9add78829a8650cf
SHA3-384 hash: 98379fe4c473f0d175432d1aa0293e71cb785efa2a83763f578ac4ece0dc1b748176460c2a000635ff974a0f86fbb898
SHA1 hash: b85f9bf19e02f7756ee4aeb32c41d4b117a75045
MD5 hash: 4aaf7ca556de0be48d9bb5bed405fa88
humanhash: nebraska-potato-echo-emma
File name: cYNhXOc.dll
Signature: ZLoader
File size: 404'480 bytes
First seen: 2020-07-22 17:00:29 UTC
Last seen: 2020-07-28 09:10:23 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 615cf2e278e0fbf3be9691e085d86dad
ssdeep: 6144:VhLHWQzNGP/YR2rCnft7BdI7vHFtpuqVtT/C9KxwlfCokKYmT8SNhXDZi5121jYN:/WQzNGYX1dIbHF5V09TlfDTthXc5M1j
TLSH: 74845A0A7F04A4ABF697193D8E94F1F80E463C31AB5562F73AC05F4B76671473898A2C
Reporter: @malware_traffic
Tags: dll ZLoader

Intelligence


File Origin
# of uploads: 3
# of downloads: 43
Origin country: US

Mail intelligence
No data
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100

Behaviour
Threat name: Win32.Trojan.ZLoader
Status: Malicious
First seen: 2020-07-22 17:02:06 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5

Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader
Behaviour:
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Zloader, Terdot, DELoader, ZeusSphinx
Suspicious use of NtCreateUserProcessOtherParentProcess
Malware Config
Extraction:
https://vlcafxbdjtlvlcduwhga.com/web/post.php
https://softwareserviceupdater3.com/web/post.php
https://softwareserviceupdater4.com/web/post.php
2b4@jfhu#sd43fd!42d

Result
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments