MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a98d7b4d1079a8819a6bd0898de2e00a5598c1e5233aa095bea36a18353b4bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	0a98d7b4d1079a8819a6bd0898de2e00a5598c1e5233aa095bea36a18353b4bb
SHA3-384 hash:	eba673f4be3bb844998be96ff47cb4abc1db1076edfc610373aa142a3cdae139d50f44c2557a33b3b0b92b74d2e4cc83
SHA1 hash:	c79aef469f13da247dd05ceaa8598bba2fd4beea
MD5 hash:	900568491ecc1da95ba6087e3d65d9ba
humanhash:	double-illinois-paris-wolfram
File name:	zeus 2_2.0.9.9.vir
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	141'824 bytes
First seen:	2020-07-19 19:26:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	8825785be023302fab7480a841c2cc62 (1 x ZeuS)
ssdeep	3072:AygaG1cUjb7H5C1NOlrDmvg+w7yUpAHr+o6JZpAuN+Sw2xu8Fjrk:AygaM3zHZlsg+w7yUe+HJZpAukqrk
Threatray	133 similar samples on MalwareBazaar
TLSH	0BD3AF677480A0F3C9B72671AAA9B62563FFDD2432389C83E3184D693572993731D34B
Reporter	tildedennis
Tags:	ZeuS zeus 2

tildedennis

zeus 2 version 2.0.9.9

Intelligence

File Origin

# of uploads :

# of downloads :

119

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Zeus

Link:

https://www.capesandbox.com/analysis/28173/

Detection(s):

Win.Spyware.Zbot-1275

Win.Trojan.Zeus-6412294-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending an HTTP GET request

Creating a file in the %temp% subdirectories

Reading critical registry keys

Creating a file

Deleting a recently created file

Reading Telegram data

Running batch commands

Creating a process with a hidden window

Launching a process

Sending a TCP request to an infection source

Stealing user critical data

Result

Threat name:

ZeusVM

Detection:

malicious

Classification:

bank.troj

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/390203

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0a98d7b4d1079a8819a6bd0898de2e00a5598c1e5233aa095bea36a18353b4bb/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2015-02-11 09:00:27 UTC

AV detection:

30 of 31 (96.77%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=bkmnpngra6niqgngxuejrxroacsvtda6kiz2uck35i3kda2tws5q._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200719-5deez525ds/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetThreadContext

Adds Run key to start application

Deletes itself

Loads dropped DLL

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0a98d7b4d1079a8819a6bd0898de2e00a5598c1e5233aa095bea36a18353b4bb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 2/

Cape

https://www.capesandbox.com/analysis/28173/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample