MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a1b8083cfab8ef2963afb1d6f9007936962245e0b990b29e23e3cdb8595589e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	1a1b8083cfab8ef2963afb1d6f9007936962245e0b990b29e23e3cdb8595589e
SHA3-384 hash:	9351f457e0b84a858dc6c07918c146a2ca2f9370b3621436b85d24a7cb7c29eb59fae376ac412d0cb2b80d18b8640573
SHA1 hash:	8b2e87914903651c0f411b2cfb91e662cd586312
MD5 hash:	d69a9922e54077b1e4bf7e957774b119
humanhash:	bravo-carolina-september-victor
File name:	zeus 1_1.3.0.31.vir
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	833'024 bytes
First seen:	2020-07-19 19:33:41 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a11219a401400760d2414a5dd989112e (1 x ZeuS)
ssdeep	24576:cedVS45nTgYlcYHeSc6/ydoxo4oiuv7ARb:33NlFHT/BW4ozvKb
Threatray	256 similar samples on MalwareBazaar
TLSH	EE0533D03635E4B4C527B27C3906461D6C95AE328FAEF31BCB886AE87F8D1250CDE560
Reporter	tildedennis
Tags:	zeus 1

tildedennis

zeus 1 version 1.3.0.31

Intelligence

File Origin

# of uploads :

1

# of downloads :

103

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28254/

Detection(s):

PUA.Win.Packer.D1s1g-5

PUA.Win.Packer.D1s1g-1

PUA.Win.Packer.D1s1g-2

SecuriteInfo.com.BackDoor.Generic12.SCM.1981.4525.UNOFFICIAL

PUA.Win.Adware.Slugin-6803969-0

PUA.Win.Adware.Slugin-6840354-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending an HTTP GET request

Creating a file in the %temp% subdirectories

Reading critical registry keys

Creating a file

Deleting a recently created file

Reading Telegram data

Running batch commands

Creating a process with a hidden window

Launching a process

Sending a TCP request to an infection source

Stealing user critical data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/390369

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1a1b8083cfab8ef2963afb1d6f9007936962245e0b990b29e23e3cdb8595589e/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2014-05-27 21:31:15 UTC

AV detection:

46 of 48 (95.83%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/200719-h9wrdv87le/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Program crash

Suspicious use of SetThreadContext

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1a1b8083cfab8ef2963afb1d6f9007936962245e0b990b29e23e3cdb8595589e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 1/

Cape

Cape

https://www.capesandbox.com/analysis/28254/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample