MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01917eb065381a2bd3e0a037b40b488c47f7abf9158db5fd829fd5738bba8595. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Add tag Delete this sample Report a False Positive

SHA256 hash: 01917eb065381a2bd3e0a037b40b488c47f7abf9158db5fd829fd5738bba8595
SHA3-384 hash: d81239466237c834018fcc736c3986e53709433baaaf282dfa4ddce1f56ff1ce08646336dbe15c930f20e62a07d543cc
SHA1 hash: 6858b35fb3f5a6d49beab09c93bdc5bf189ba142
MD5 hash: 9c782133fc740af82359cea11c311cac
humanhash: delta-three-delta-nevada
File name:zeus 1_1.2.7.8.vir
Download: download sample
Signature ZeuS
Create hunting rule
File size:164'864 bytes
First seen:2020-07-19 17:30:39 UTC
Last seen:2020-07-19 19:18:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5a498eee87e4d89512a84502f500181f (138 x AveMariaRAT, 56 x RedLineStealer, 7 x CoinMiner)
ssdeep 3072:YO5e3O4tSyUh9IEOWYS59JIl8LRkDMwrlLTRqxhcIFD2FBGbT4R:YEe+49UhF5r59JIM2wwrxTRqx7FaBccR
Threatray 68 similar samples on MalwareBazaar
TLSH 44F3235E9A08756CF989537A287C87F13BB2B8708BCE5ACF76912C240C1DB787C16172
Reporter @tildedennis
Tags:ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.7.8

Intelligence

File Origin
# of uploads :
2
# of downloads :
65
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/28012/
Detection(s):
Win.Keylogger.Bancos-6998854-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Detection:
n/a
Create hunting rule
Link:
https://mwdb.cert.pl/sample/01917eb065381a2bd3e0a037b40b488c47f7abf9158db5fd829fd5738bba8595/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2014-03-28 08:49:00 UTC
AV detection:
28 of 31 (90.32%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://www.spamhaus.org/query/hash/agix5mdfhancxu7aua33ic2irrd7pk7zcwg3l7mct7kxhc52qwkq._file
Verdict:
malicious
Similar samples:
2647f35410168d2018a29f65b10dad4cf7016b883b4ff303dabac68521b76e88
ZeuS
334ff98908b85214d066418232804605967b4b8f71d20cfc11a32aeef187a25d
ZeuS
616c00fde99b42a7f988b56bcd66a94e244a626f3f581d00cc937119230b1531
ZeuS
6680a475582eb69a5bf028ebe5ae4ebd808e5da535336f0b0fe8a7ae6fe77a60
ZeuS
8df08ecd3c08c6e28a5d73869b6c3a980363856cce72dd9a1c2170c75332a451
ZeuS
9bd8f6b14fc155ec3a53abbbba0e0528f5e95e92b712b2e0c89c221c2e420197
ZeuS
d3baf4f620bd6a65ad0bd17009869a496b7e660d97be21db920daedcf8f95868
ZeuS
da33ab6ea38ec6f285d82061991f014914fe718fe8516c04fa8dc38ea4ddcee2
ZeuS
e41a2e2c7225a85f1ed1638e93d1ced20be49c4f59315d1b0beca7fd7015ecee
ZeuS
f4e66813b40d4afceab66f9a176e7098016cd7bf38e49ec886c5c09b7b3716de
ZeuS
+ 58 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/200719-9f4m5v3jdn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Drops file in System32 directory
Modifies WinLogon for persistence
AV coverage:
83.10%
AV detections:
59 / 71
Link:
https://www.virustotal.com/gui/file/01917eb065381a2bd3e0a037b40b488c47f7abf9158db5fd829fd5738bba8595/detection/f-01917eb065381a2bd3e0a037b40b488c47f7abf9158db5fd829fd5738bba8595-1578645080
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/01917eb065381a2bd3e0a037b40b488c47f7abf9158db5fd829fd5738bba8595

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/zeus 1/
Cape
Cape
https://www.capesandbox.com/analysis/28012/

Comments