MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55
SHA3-384 hash:	3bda0902ed1481ef4650b8166d05357223b8270a4d012fa65630404e115f5413ad14c91d9c87bdcaf0a21d05e05e2bf8
SHA1 hash:	80021e8fbc2720209df1ba35cb5f1d4cc5935b97
MD5 hash:	c1918f37dd75bfdb3f35e970eea9c1a3
humanhash:	idaho-eighteen-saturn-sierra
File name:	zloader 2_1.2.24.0.vir
Download:	download sample
Signature	ZLoader Create hunting rule
File size:	535'040 bytes
First seen:	2020-07-19 19:43:37 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	8b2ba19442f158a6ffddb3871e04fb79 (1 x ZLoader)
ssdeep	12288:gMrdsuMHLx/iNubk8p35Y4Vkf8sBqvCkfCkWZwCI:hds9F6UpG4S8sBRkfgd
Threatray	114 similar samples on MalwareBazaar
TLSH	65B41822B251C431E5B659F48E6AD2FE0B5C7F608B5088DB63D63E9F36386D19C3061B
Reporter	tildedennis
Tags:	ZLoader zloader 2

tildedennis

zloader 2 version 1.2.24.0

Intelligence

File Origin

# of uploads :

1

# of downloads :

98

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/2941/

Detection(s):

SecuriteInfo.com.Trojan.Dridex.696.25073.6981.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Connection attempt to an infection source

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/390530

Behaviour

Behavior Graph:

Detection:

zloader

Link:

https://mwdb.cert.pl/sample/edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55/

Threat name:

Win32.Infostealer.Dridex

Status:

Malicious

First seen:

2020-05-05 01:23:16 UTC

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Verdict:

malicious

Label(s):

gozi

zloader

Result

Malware family:

zloader

Score:

10/10

Tags:

trojan botnet family:zloader

Link:

https://tria.ge/reports/200719-tna9m3npyx/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetThreadContext

Zloader, Terdot, DELoader, ZeusSphinx

Malware Config

C2 Extraction:

http://april30x3domain.com/post.php
http://april30domain.com/post.php

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zloader 2/

Cape

Cape

https://www.capesandbox.com/analysis/2941/

Cape

Cape

https://www.capesandbox.com/analysis/2864/

Cape

Cape

https://www.capesandbox.com/analysis/2863/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample