MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 122de89a565be1341bcba562c9c99909185fc565491ff90ca5ddc0aa7dcd5f8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 122de89a565be1341bcba562c9c99909185fc565491ff90ca5ddc0aa7dcd5f8a
SHA3-384 hash: 9902126c743d10db10cf98d85d5b5119aa481543c3ec1167ec31a2b7d26159af45542461850ab5bb1dd9b9f2e79ca8b7
SHA1 hash: 07b150eb19ddb124c5eb13eb760821a78ba1bbc9
MD5 hash: 39df9dd4657ec5f2b51dc7935d52cb32
humanhash: muppet-may-fillet-lemon
File name: zeus 1_1.2.1.6.vir
Signature: ZeuS
File size: 223'232 bytes
First seen: 2020-07-19 19:28:30 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7c051702b13001e14e3e215ec8039965
ssdeep: 6144:EIIyGy4x+EJXS2BDXNqUf40AKRMbNrM57:EII04xNS2BDXfPLMbU
TLSH: EF24D01FB698783EF057D2F61E9957A4502AB83022C45D0BF744AF4AB6F4AC2F11670B
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.1.6

Intelligence


File Origin
# of uploads: 1
# of downloads: 19
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Trojan.Buzus
Status: Malicious
First seen: 2011-07-17 02:30:00 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 2/5
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of SetWindowsHookEx
Program crash
Suspicious use of SetThreadContext
Maps connected drives based on registry
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments