MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0eab1c5406f415f75ab39dbf3651cee9d41a0e0b6d5bdb51042412b57f0aea05. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

VMZeuS

Vendor detections: 13



SHA256 hash: 0eab1c5406f415f75ab39dbf3651cee9d41a0e0b6d5bdb51042412b57f0aea05
SHA3-384 hash: b0660c4bcf1b3fe90e0e996b83c2eab2025c5fbe4111c554a3588daca9cbd6bd7ed2643160425c3450be744a3b2deeb4
SHA1 hash: e5870965f41cb82f454043845641ae92b6c6b939
MD5 hash: 56aa277081075438c3dbbef841299172
humanhash: yellow-minnesota-lemon-butter
File name: 56aa277081075438c3dbbef841299172.bin
Signature: VMZeuS
File size: 187'392 bytes
First seen: 2022-08-27 01:48:19 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f6a985405556b98acbdb7255917b9fb5 (1 x VMZeuS)
ssdeep: 3072:bGVWrMNKUhjhoo7MQW/ieN6RzNLWV+1hpNaL+90tLsVXzJQYMUCb:bGArMNKUhjWl/ieNULu8h39SLSuYMUCb
Threatray: 88 similar samples on MalwareBazaar
TLSH: T12E04BF3EB9D15877C86F213149E9B6B432EED730136A49C7E1CD0E0938529E2A739397
TrID: 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
      16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
      10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
      7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: @tildedennis
Tags: exe unnamed10 vmzeus


Twitter
@tildedennis: unnamed10 version 0

Intelligence

File Origin
# of uploads: 1
# of downloads: 345
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 56aa277081075438c3dbbef841299172.bin
Verdict: Malicious activity
Analysis date: 2022-08-27 01:51:07 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.

Result
Verdict: Malware
Maliciousness:
Behaviour:
Searching for the window

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
MalwareBazaar
CheckCmdLine
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug anti-vm greyware keylogger shell32.dll spyeye

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name:
Detection: malicious
Classification: bank.troj
Score: 72 / 100
Signature:
Antivirus / Scanner detection for submitted sample
Contains VNC / remote desktop functionality (version string found)
Detected ZeusVM e-Banking Trojan
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour:
Behavior Graph:
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2022-08-26 16:01:55 UTC
File Type: PE (Exe)
AV detection: 29 of 40 (72.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour:
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash: 0eab1c5406f415f75ab39dbf3651cee9d41a0e0b6d5bdb51042412b57f0aea05
MD5 hash: 56aa277081075438c3dbbef841299172
SHA1 hash: e5870965f41cb82f454043845641ae92b6c6b939

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:WHITE rules are displayed.

Rule name: meth_peb_parsing
Author: Willi Ballenthin

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments