MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0060fa563c86399ac56dfc261181beeeafc3a74ded1f88ee248d794fcb14e178. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0060fa563c86399ac56dfc261181beeeafc3a74ded1f88ee248d794fcb14e178
SHA3-384 hash: c34201d5c1d8e2562baa6b52fb23a6d399bcf24b30d28b3b15687124e783681655cb2a642af1c4ef15b2d46f607875e4
SHA1 hash: 6712833546ab1e1d94d7d92e03fcf118d9551c85
MD5 hash: 63f04650961b3a4450c5bd784a63fa66
humanhash: stream-potato-batman-tango
File name:0060fa563c86399ac56dfc261181beeeafc3a74ded1f88ee248d794fcb14e178.bin
Download: download sample
Signature ZeuS
Create hunting rule
File size:863'232 bytes
First seen:2022-02-19 03:04:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a65502a70a2dad082aec77e16b79ce8f (1 x ZeuS)
ssdeep 12288:WrfR/+ayO8nQqCqPEFShI3R0HaYoHpKWPQAUkUbz3mcP0t9CybrzRPZ1brjmLQso:WAaYbzMFSIRWbgUvbUOyJZl3eZfy
TLSH T14105332AF4FE7AABEF1D07355D3178A2B4F085A4488BD51020D8478FDFEC2C6A615E80
Reporter tildedennis
Tags:exe ZeuS zeus 1


Avatar
tildedennis
zeus 1 version 1.2.7.19

Intelligence

File Origin
# of uploads :
1
# of downloads :
753
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
zoos.exe
Verdict:
Suspicious activity
Analysis date:
2022-02-19 03:09:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3f248656-24a1-47f1-b0fc-425507f2b9bd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/242617/
Detection(s):
Win.Spyware.Zbot-1278
Create hunting rule

Win.Trojan.Zbot-13076
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a file in the Windows subdirectories
Enabling the 'hidden' option for recently created files
Unauthorized injection to a system process
Enabling autorun
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware keylogger overlay packed panda sinowal zbot
Link:
https://www.filescan.io/uploads/62105e5fa2660f3bb901bf03/reports/3b7fdcdd-30a6-4154-99f7-eb13d1a44065/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Zeus
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2a426537-29f7-432d-8b7f-c3b6666fb5d4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/942515
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Changes memory attributes in foreign processes to executable or writable
Contains functionality to change the desktop window for a process (likely to hide graphical interactions)
Creates an undocumented autostart registry key
Detected unpacking (changes PE section rights)
Found evasive API chain (may stop execution after checking mutex)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0060fa563c86399ac56dfc261181beeeafc3a74ded1f88ee248d794fcb14e178/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2012-12-29 19:33:00 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/220219-h5jffaabhn/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Drops file in System32 directory
Modifies WinLogon for persistence
Unpacked files
SH256 hash:
445922d5caac914c16ab618d307578316c98c895d3fa07dc705b3c83b0570591
MD5 hash:
3d97795e7700568a7be3e2b3a8d06940
SHA1 hash:
6c50eeda98e75f0140dd7c25f4c4473ba79eab79
Detections:
win_zeus_auto
Create hunting rule
Link:
https://www.unpac.me/results/a0b06f09-3dcc-4f1f-b05a-03f630f5c98c/
SH256 hash:
0060fa563c86399ac56dfc261181beeeafc3a74ded1f88ee248d794fcb14e178
MD5 hash:
63f04650961b3a4450c5bd784a63fa66
SHA1 hash:
6712833546ab1e1d94d7d92e03fcf118d9551c85
Link:
https://www.unpac.me/results/a0b06f09-3dcc-4f1f-b05a-03f630f5c98c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/0060fa563c86399ac56dfc261181beeeafc3a74ded1f88ee248d794fcb14e178

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/zeus 1/
Cape
Cape
https://www.capesandbox.com/analysis/242617/

Comments


Avatar
Adm1n 32 USA commented on 2022-02-19 03:11:19 UTC

please add the ZeuS tag if possible

most common variant of ZeuS created on 2009-10-02