MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd
SHA3-384 hash: 364110bb3fba77cdc7df07270bdbdfda7b305e89dafbbed630b9416fa38a0ac0d12c049b9fe3b7cbc18dcc6230dc7073
SHA1 hash: d86cc8b0439b75ffecf6df985161c81f028a6fe2
MD5 hash: 09580ec10df3398ce68c176121fbba66
humanhash: jupiter-beer-mango-fanta
File name:06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd
Download: download sample
Signature ZeuS
Create hunting rule
File size:141'824 bytes
First seen:2021-02-07 14:09:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0b998d2a10b9f3bb78c6703e634f1aff (1 x ZeuS)
ssdeep 3072:/SV0AxFxYlFZR3v4iNGMHRHaFtC7qQZkGUGTVpAXhS5qsFwDFox63KruM:/Y0AKlFZR3v4icKHaFGxUsAXhSYsupUb
Threatray 123 similar samples on MalwareBazaar
TLSH D2D39F77B480A1B3C9A721719A69B62663FFDD2412399C83E3D80D2D39624D3732D74B
Reporter tildedennis
Tags:uncategorized ZeuS


Avatar
tildedennis
uncategorized version 7.7.7.7

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'391
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd
Verdict:
Malicious activity
Analysis date:
2021-02-07 14:12:06 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f5d20edc-06ef-4fe4-b4a6-a5d45d2ed2af

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Zeus
Create hunting rule
Link:
https://www.capesandbox.com/analysis/115981/
Detection(s):
Win.Spyware.Zbot-1275
Create hunting rule

Win.Trojan.Zeus-6412294-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
ZeusVM
Create hunting rule
Detection:
malicious
Classification:
bank.troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/601286
Signature
Antivirus / Scanner detection for submitted sample
Contains VNC / remote desktop functionality (version string found)
Detected ZeusVM e-Banking Trojan
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2011-12-10 00:26:00 UTC
AV detection:
29 of 29 (100.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=a2qlfq74oy2qn5rubxcplaxxtabxr57n5x5ya5kbv7xmubez3dgq._file
Verdict:
malicious
Similar samples:
0a98d7b4d1079a8819a6bd0898de2e00a5598c1e5233aa095bea36a18353b4bb
ZeuS
0bde61b11f4d507d3a6f5ebfdb33829824f4819f1621f4a1f36f6d0edef0d6c2
ZeuS
34b5489e0ec8a910e23c438abd532e63246597152ec0e14050c16461eac6baad
ZeuS
4763270a84a8a6d756eaf4b5d9ed3b6a0e9e254c682f075a5338247dca3403a3
ZeuS
5c3bde59fa48471670841beba658fc9cfe707fac64b4b7f8446dd51a7706d133
ZeuS
61b0aa94dc56585b7255398cd755e9db6fedd5b06ebca386b2dc5fddc8cf5478
ZeuS
80e91c0ded60f7e85fbcba6239d2969c0910be5e0a5107a7f843ed2b30fb0ff9
ZeuS
e4cd3a3bbf851aea2645ff32eeb8fbe177b79bf8149737c52acb413b2ff13eb6
ZeuS
f06047b09abc77529969c5949deda36ff154539d1b9ed8942c22fbb307d8aac9
ZeuS
f473938086334f7e6877e53b350339f11cfcc87ba10ec04a17bccfdf4d47a301
ZeuS
+ 113 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/210207-7ne7xnglza/
Behaviour
Modifies Internet Explorer settings
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd
MD5 hash:
09580ec10df3398ce68c176121fbba66
SHA1 hash:
d86cc8b0439b75ffecf6df985161c81f028a6fe2
Link:
https://www.unpac.me/results/f903da49-87f6-49bd-b0a8-f6a048edfefa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Zbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/uncategorized/
Cape
Cape
https://www.capesandbox.com/analysis/115981/

Comments