MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f45334733550d1ed6347c469380e55bb731def5c0c535bc81ced5a02f2cbd8ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: f45334733550d1ed6347c469380e55bb731def5c0c535bc81ced5a02f2cbd8ea
SHA3-384 hash: feb63c40f06a7a9d754493e456d4621806d4b9ef1f41b5f7ba3a92d247b5b15a44d4256233fff4036d8c84f6fd9810f3
SHA1 hash: 52318e5ee0869113ef1b0613ece433950a738518
MD5 hash: 6194d6d5c247b9cb44fce201d8d9d7f4
humanhash: river-fruit-bakerloo-ohio
File name: SecuriteInfo.com.Win32.DHFF85024D_Mw.32342.29252
File size: 630'272 bytes
First seen: 2020-06-11 17:32:00 UTC
Last seen: Never
File type: DLL dll
MIME type:application/x-dosexec
imphash: 424f9c23d896002bc10da6a82dd8bd5a (2 x Quakbot)
ssdeep: 3072:eYkPy807G4DQRGSiZ+LwbUcsNTJiFJwjjeh2ULOgKNIfvqoaAU+/vQEdVxqMnJf6:APyH7l+4sdJeJoW4gO6qEvf/xqMZ
Threatray: 44 similar samples on MalwareBazaar
TLSH: E7D46B29265748BBECAF2D710CE96F02C119BC60B4751BBA21CD7F6E89755803E52B0F
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Downloader.ZLoader
Status: Malicious
First seen: 2020-06-11 17:33:05 UTC
AV detection: 22 of 27 (81.48%)
Threat level: 3/5
Result
Malware family: zloader
Score: 10/10
Tags: family:zloader botnet:spx138 campaign:spx138 botnet cryptone packer trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://xeemoquo.top/treusparq.php
https://leeephee.top/treusparq.php
https://withifceale.top/treusparq.php
https://wpsnoum.pw/treusparq.php
https://wsaexdig.pw/treusparq.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
