MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01917eb065381a2bd3e0a037b40b488c47f7abf9158db5fd829fd5738bba8595. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence File information Yara Comments

SHA256 hash:	01917eb065381a2bd3e0a037b40b488c47f7abf9158db5fd829fd5738bba8595
SHA3-384 hash:	d81239466237c834018fcc736c3986e53709433baaaf282dfa4ddce1f56ff1ce08646336dbe15c930f20e62a07d543cc
SHA1 hash:	6858b35fb3f5a6d49beab09c93bdc5bf189ba142
MD5 hash:	9c782133fc740af82359cea11c311cac
humanhash:	delta-three-delta-nevada
File name:	zeus 1_1.2.7.8.vir
Download:	download sample
Signature	ZeuS
File size:	164'864 bytes
First seen:	2020-07-19 17:30:39 UTC
Last seen:	2020-07-19 19:18:59 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	5a498eee87e4d89512a84502f500181f
ssdeep	3072:YO5e3O4tSyUh9IEOWYS59JIl8LRkDMwrlLTRqxhcIFD2FBGbT4R:YEe+49UhF5r59JIM2wwrxTRqx7FaBccR
TLSH	44F3235E9A08756CF989537A287C87F13BB2B8708BCE5ACF76912C240C1DB787C16172
Reporter	@tildedennis
Tags:	ZeuS zeus 1

@tildedennis

zeus 1 version 1.2.7.8

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Mail intelligence

No data

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28012/

Detection(s):

Win.Keylogger.Bancos-6998854-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Connection attempt to an infection source

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/389792

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/01917eb065381a2bd3e0a037b40b488c47f7abf9158db5fd829fd5738bba8595/

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2014-03-28 08:49:00 UTC

AV detection:

28 of 31 (90.32%)

Threat level

2/5

Detection(s):

Malicious file

Link:

https://www.spamhaus.org/query/hash/agix5mdfhancxu7aua33ic2irrd7pk7zcwg3l7mct7kxhc52qwkq._file

Result

Malware family:

n/a

Score:

10/10

Tags:

persistence

Link:

https://tria.ge/reports/200719-9f4m5v3jdn/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Program crash

Drops file in System32 directory

Modifies WinLogon for persistence

AV coverage:

83.10%

AV detections:

59 / 71

Link:

https://www.virustotal.com/gui/file/01917eb065381a2bd3e0a037b40b488c47f7abf9158db5fd829fd5738bba8595/detection/f-01917eb065381a2bd3e0a037b40b488c47f7abf9158db5fd829fd5738bba8595-1578645080

Threat name:

Unknown

Score:

1.00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 1/

Cape

https://www.capesandbox.com/analysis/28012/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample