MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments

SHA256 hash: 06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd
SHA3-384 hash: 364110bb3fba77cdc7df07270bdbdfda7b305e89dafbbed630b9416fa38a0ac0d12c049b9fe3b7cbc18dcc6230dc7073
SHA1 hash: d86cc8b0439b75ffecf6df985161c81f028a6fe2
MD5 hash: 09580ec10df3398ce68c176121fbba66
humanhash: jupiter-beer-mango-fanta
File name:06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd
Download: download sample
Signature ZeuS
File size:141'824 bytes
First seen:2021-02-07 14:09:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0b998d2a10b9f3bb78c6703e634f1aff (1 x ZeuS)
ssdeep 3072:/SV0AxFxYlFZR3v4iNGMHRHaFtC7qQZkGUGTVpAXhS5qsFwDFox63KruM:/Y0AKlFZR3v4icKHaFGxUsAXhSYsupUb
Threatray 123 similar samples on MalwareBazaar
TLSH D2D39F77B480A1B3C9A721719A69B62663FFDD2412399C83E3D80D2D39624D3732D74B
Reporter @tildedennis
Tags:uncategorized ZeuS


Twitter
@tildedennis
uncategorized version 7.7.7.7

Intelligence


File Origin
# of uploads :
1
# of downloads :
1'265
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd
Verdict:
Malicious activity
Analysis date:
2021-02-07 14:12:06 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection:
malicious
Classification:
bank.troj
Score:
72 / 100
Signature
Antivirus / Scanner detection for submitted sample
Contains VNC / remote desktop functionality (version string found)
Detected ZeusVM e-Banking Trojan
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zeus
Status:
Malicious
First seen:
2011-12-10 00:26:00 UTC
AV detection:
29 of 29 (100.00%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Behaviour
Modifies Internet Explorer settings
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd
MD5 hash:
09580ec10df3398ce68c176121fbba66
SHA1 hash:
d86cc8b0439b75ffecf6df985161c81f028a6fe2

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments