MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8503947e0e984865a29d1e3f8a62ce7034069f49c2a2dd902af68274f192224. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments

SHA256 hash: f8503947e0e984865a29d1e3f8a62ce7034069f49c2a2dd902af68274f192224
SHA3-384 hash: c7da18d790ae3cc47bd6dd0b41b04868c23622ce22a346ade0a5bb37ca9f46aaa67ef30cfdb313695714b99f854b6241
SHA1 hash: f0aa6e50471e70d07a1b70207f38538cb31ed569
MD5 hash: e0af3054669d6232870b87e1e239a689
humanhash: texas-steak-nineteen-potato
File name:f8503947e0e984865a29d1e3f8a62ce7034069f49c2a2dd902af68274f192224
Download: download sample
Signature ZLoader
File size:389'120 bytes
First seen:2020-12-13 16:58:43 UTC
Last seen:2020-12-13 18:33:05 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash ac30ec1b90a9fedffe3cfc3e897b5a40 (1 x ZLoader)
ssdeep 6144:j2yIqOCYbeyUaNpV55IQB5ykPgScnOfIvI+ZcZfqAf7Vv7U0+jG8CuJ:jPYb3UaNpV52QB5ykXcqacZfqARv7Bmj
TLSH C984B012B9D0E035E76D12345C17EDB802A6BC0467AAFC5B33EE1E8F42A1792B533795
Reporter @tildedennis
Tags:ZLoader zloader 2


Twitter
@tildedennis
zloader 2 version 1.7.29.0

Intelligence


File Origin
# of uploads :
2
# of downloads :
409
Origin country :
FR FR
Mail intelligence
Gathering data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a file in the %AppData% subdirectories
Creating a window
DNS request
Sending a custom TCP request
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Signature
Contains functionality to inject code into remote processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
Win32.Adware.RedCap
Status:
Malicious
First seen:
2020-12-12 05:20:01 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
20 of 29 (68.97%)
Threat level:
  1/5
Result
Malware family:
zloader
Score:
  10/10
Tags:
family:zloader botnet:kev campaign:11/12 botnet trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blocklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://www.businessinsurancelaw.com/wp-punch.php
https://squire.ae/wp-punch.php
https://lamun.pk/wp-punch.php
https://www.rcclabbd.com/wp-punch.php
https://thecype.com/wp-punch.php
https://theterteboltallbrow.tk/wp-smarts.php
Unpacked files
SH256 hash:
f8503947e0e984865a29d1e3f8a62ce7034069f49c2a2dd902af68274f192224
MD5 hash:
e0af3054669d6232870b87e1e239a689
SHA1 hash:
f0aa6e50471e70d07a1b70207f38538cb31ed569
SH256 hash:
9bfd487a6c8ab3f9c465468ca0f2487f59bf9a07e3b0016eb2f863c7dd7b2a69
MD5 hash:
490db1254aabf5cc5d1559111b72f177
SHA1 hash:
ad968a5b75cf55bcaebc3cb890ed0354d13c8617

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments