MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fd0fedc1c314629e83f3e2ef6867e5cbaf15c4bd6235a8d9fadfc79bd441611. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	0fd0fedc1c314629e83f3e2ef6867e5cbaf15c4bd6235a8d9fadfc79bd441611
SHA3-384 hash:	f7fcb878d67fd5e2e908a74d9ecf27260eba977e13fec2aab1a82e606ae43aa5b8591a3b2fdd19bfa54ff5a412b337a6
SHA1 hash:	79230e747bce5553f8ecb011ed2cc27019156e6d
MD5 hash:	53f5409ca57ffd734074ce61a247e714
humanhash:	salami-muppet-low-floor
File name:	zeus 2_2.0.8.9.vir
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	444'770 bytes
First seen:	2020-07-19 17:21:36 UTC
Last seen:	2020-07-19 19:15:39 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	a8e1f465af4b087abe0576455854d947 (1 x ZeuS)
ssdeep	6144:ndUtEL3J/P3uqHCs7l86KattFakx68+0+Go0nm9IMGPXXX5+Vp2gxw0Z:ndUtELpP3uGN7l8TaI8630nme5gJxrZ
Threatray	126 similar samples on MalwareBazaar
TLSH	2D94CF1A72D4CA32D67712300E75AA6E97BBBAB04E2F998763840E4E0F719D3173D351
Reporter	tildedennis
Tags:	ZeuS zeus 2

tildedennis

zeus 2 version 2.0.8.9

Intelligence

File Origin

# of uploads :

# of downloads :

121

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/27968/

Detection(s):

SecuriteInfo.com.Generic_r.MXL.15539.7311.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Connection attempt to an infection source

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/389817

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0fd0fedc1c314629e83f3e2ef6867e5cbaf15c4bd6235a8d9fadfc79bd441611/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2016-09-01 02:18:24 UTC

AV detection:

25 of 29 (86.21%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/200719-l6exwat86s/

Behaviour

Suspicious use of AdjustPrivilegeToken

Checks whether UAC is enabled

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Checks whether UAC is enabled

Suspicious use of SetWindowsHookEx

Program crash

Suspicious use of SetThreadContext

Drops startup file

UPX packed file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0fd0fedc1c314629e83f3e2ef6867e5cbaf15c4bd6235a8d9fadfc79bd441611

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 2/

Cape

https://www.capesandbox.com/analysis/27968/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample