MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 f8503947e0e984865a29d1e3f8a62ce7034069f49c2a2dd902af68274f192224. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
ZLoader
Vendor detections: 7
| SHA256 hash: | f8503947e0e984865a29d1e3f8a62ce7034069f49c2a2dd902af68274f192224 |
|---|---|
| SHA3-384 hash: | c7da18d790ae3cc47bd6dd0b41b04868c23622ce22a346ade0a5bb37ca9f46aaa67ef30cfdb313695714b99f854b6241 |
| SHA1 hash: | f0aa6e50471e70d07a1b70207f38538cb31ed569 |
| MD5 hash: | e0af3054669d6232870b87e1e239a689 |
| humanhash: | texas-steak-nineteen-potato |
| File name: | f8503947e0e984865a29d1e3f8a62ce7034069f49c2a2dd902af68274f192224 |
| Download: | download sample |
| Signature | ZLoader |
| File size: | 389'120 bytes |
| First seen: | 2020-12-13 16:58:43 UTC |
| Last seen: | 2020-12-13 18:33:05 UTC |
| File type: |  dll |
| MIME type: | application/x-dosexec |
| imphash | ac30ec1b90a9fedffe3cfc3e897b5a40 (1 x ZLoader) |
| ssdeep | 6144:j2yIqOCYbeyUaNpV55IQB5ykPgScnOfIvI+ZcZfqAf7Vv7U0+jG8CuJ:jPYb3UaNpV52QB5ykXcqacZfqARv7Bmj |
| TLSH | C984B012B9D0E035E76D12345C17EDB802A6BC0467AAFC5B33EE1E8F42A1792B533795 |
| Reporter |  tildedennis |
| Tags: | ZLoader zloader 2 |
Intelligence
File Origin
# of uploads :
2
# of downloads :
436
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
Sending a UDP request
Launching a process
Creating a file in the %AppData% subdirectories
Creating a window
DNS request
Sending a custom TCP request
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Signature
Contains functionality to inject code into remote processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
Win32.Adware.RedCap
Status:
Malicious
First seen:
2020-12-12 05:20:01 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
20 of 29 (68.97%)
Threat level:
1/5
Result
Malware family:
zloader
Score:
10/10
Tags:
family:zloader botnet:kev campaign:11/12 botnet trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blocklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://www.businessinsurancelaw.com/wp-punch.php
https://squire.ae/wp-punch.php
https://lamun.pk/wp-punch.php
https://www.rcclabbd.com/wp-punch.php
https://thecype.com/wp-punch.php
https://theterteboltallbrow.tk/wp-smarts.php
https://squire.ae/wp-punch.php
https://lamun.pk/wp-punch.php
https://www.rcclabbd.com/wp-punch.php
https://thecype.com/wp-punch.php
https://theterteboltallbrow.tk/wp-smarts.php
Unpacked files
SH256 hash:
f8503947e0e984865a29d1e3f8a62ce7034069f49c2a2dd902af68274f192224
MD5 hash:
e0af3054669d6232870b87e1e239a689
SHA1 hash:
f0aa6e50471e70d07a1b70207f38538cb31ed569
SH256 hash:
9bfd487a6c8ab3f9c465468ca0f2487f59bf9a07e3b0016eb2f863c7dd7b2a69
MD5 hash:
490db1254aabf5cc5d1559111b72f177
SHA1 hash:
ad968a5b75cf55bcaebc3cb890ed0354d13c8617
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
ZLoader
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.