MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55
SHA3-384 hash: 3bda0902ed1481ef4650b8166d05357223b8270a4d012fa65630404e115f5413ad14c91d9c87bdcaf0a21d05e05e2bf8
SHA1 hash: 80021e8fbc2720209df1ba35cb5f1d4cc5935b97
MD5 hash: c1918f37dd75bfdb3f35e970eea9c1a3
humanhash: idaho-eighteen-saturn-sierra
File name: zloader 2_1.2.24.0.vir
Signature: ZLoader
File size: 535'040 bytes
First seen: 2020-07-19 19:43:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8b2ba19442f158a6ffddb3871e04fb79
ssdeep: 12288:gMrdsuMHLx/iNubk8p35Y4Vkf8sBqvCkfCkWZwCI:hds9F6UpG4S8sBRkfgd
TLSH: 65B41822B251C431E5B659F48E6AD2FE0B5C7F608B5088DB63D63E9F36386D19C3061B
Reporter: @tildedennis
Tags: ZLoader zloader 2


Twitter
@tildedennis
zloader 2 version 1.2.24.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 25
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating a window
  Unauthorized injection to a recently created process
  Connection attempt to an infection source
Threat name: Win32.Trojan.Cridex
Status: Malicious
First seen: 2020-05-05 01:23:16 UTC
AV detection: 24 of 30 (80.00%)
Threat level: 5/5

Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader
Behaviour:
  Suspicious use of WriteProcessMemory
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of SetThreadContext
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
Extraction:
  http://april30x3domain.com/post.php
  http://april30domain.com/post.php

Result
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments