MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 122de89a565be1341bcba562c9c99909185fc565491ff90ca5ddc0aa7dcd5f8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 8



SHA256 hash: 122de89a565be1341bcba562c9c99909185fc565491ff90ca5ddc0aa7dcd5f8a
SHA3-384 hash: 9902126c743d10db10cf98d85d5b5119aa481543c3ec1167ec31a2b7d26159af45542461850ab5bb1dd9b9f2e79ca8b7
SHA1 hash: 07b150eb19ddb124c5eb13eb760821a78ba1bbc9
MD5 hash: 39df9dd4657ec5f2b51dc7935d52cb32
humanhash: muppet-may-fillet-lemon
File name: zeus 1_1.2.1.6.vir
Signature: ZeuS
File size: 223'232 bytes
First seen: 2020-07-19 19:28:30 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7c051702b13001e14e3e215ec8039965 (1 x ZeuS)
ssdeep: 6144:EIIyGy4x+EJXS2BDXNqUf40AKRMbNrM57:EII04xNS2BDXfPLMbU
Threatray: 72 similar samples on MalwareBazaar
TLSH: EF24D01FB698783EF057D2F61E9957A4502AB83022C45D0BF744AF4AB6F4AC2F11670B
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.1.6

Intelligence


File Origin
# of uploads: 1
# of downloads: 153
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Trojan.Buzus
Status: Malicious
First seen: 2011-07-17 02:30:00 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 2/5
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of SetWindowsHookEx
Program crash
Suspicious use of SetThreadContext
Maps connected drives based on registry

File information


The table below shows additional information about this malware sample such as delivery method and external references.
