MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d86c71e31f0690c2821365103529e10b9368bc63273eefd3869e3550d0a4570. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 13


Intelligence 13 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d86c71e31f0690c2821365103529e10b9368bc63273eefd3869e3550d0a4570
SHA3-384 hash: 8b82eb87e50bf3ab48eee94d75cfa21ffa4f3bc55709c915bc48baaf8f772d2ba9b23ba6a75c21e790b3cbb87e38b126
SHA1 hash: d9fd6515664d9d42db69b09ff1185f1c3201d93f
MD5 hash: a53a7a7ddfc1901ce9d9ead993bad1fb
humanhash: undress-pluto-mockingbird-stream
File name:a53a7a7ddfc1901ce9d9ead993bad1fb.bin
Download: download sample
File size:42'496 bytes
First seen:2024-09-20 13:14:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7eaeb8de82ab2c893d1195e30cc60321
ssdeep 768:XY+MLvRwnq1dvWnDXdFuWKgcTiNUW5xIcNpCPhXduYbg8AFFoLszo7VWAdE3r:XY5vR/KnDNFLKg88KiOulZFoLq+vdE3r
Threatray 65 similar samples on MalwareBazaar
TLSH T154138ED77BA1C8B3DC9000702679A72A67EEED234025A547C7684ED568319E3913BF1F
TrID 99.5% (.EXE) DOS Executable Generic (2000/1)
0.4% (.TAR) TAR - Tape ARchive (file) (10/3)
Magika pebin
Reporter tildedennis
Tags:exe prg ZeuS


Avatar
tildedennis
prg version 1.0.3.2

Intelligence

File Origin
# of uploads :
1
# of downloads :
445
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a53a7a7ddfc1901ce9d9ead993bad1fb.bin
Verdict:
No threats detected
Analysis date:
2024-09-20 13:15:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9e5f1981-4992-4c3c-9f70-d6c9574e9152

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Trojan.Gpcode-3
Create hunting rule

Win.Malware.Zbot-9951823-0
Create hunting rule

Win.Malware.Zbot-9969502-0
Create hunting rule

Win.Trojan.Zbot-36773
Create hunting rule

Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66ed7559f129e67ada901793
Tags:
Zbot
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
bancos gpcode masquerade packed xpack zbot
Link:
https://www.filescan.io/uploads/66ed7559800c7315e1ca97e9/reports/2746fad8-f5b8-4ea3-8633-b088f2c0b234/overview
Verdict:
Malicious
Labled as:
Trojan.Spy.Wsnpoem
Link:
https://www.hybrid-analysis.com/sample/1d86c71e31f0690c2821365103529e10b9368bc63273eefd3869e3550d0a4570
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/89bc9f24-7ba7-4251-8e01-9912db2ffb6e
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1514492
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/1d86c71e31f0690c2821365103529e10b9368bc63273eefd3869e3550d0a4570
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1d86c71e31f0690c2821365103529e10b9368bc63273eefd3869e3550d0a4570/
Threat name:
Win32.Infostealer.Zeus
Create hunting rule
Status:
Malicious
First seen:
2024-09-10 17:26:00 UTC
File Type:
PE (Exe)
AV detection:
36 of 38 (94.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dwdmohrr6buqykbbgziqguu6cc4tnc6ggjz657jynhrvkdikivya._file
Verdict:
malicious
Label(s):
zeus
Create hunting rule
Similar samples:
1d86c71e31f0690c2821365103529e10b9368bc63273eefd3869e3550d0a4570
78e23c0e50dc640d22b48e9a089c887ab3324b33815a5196bc1781120914cfe6
b6c2b60ae59ecefbfb43747a05d48a58fbd75dee7b094f9e61c694a6f7c864db
b96c33bae429f82baaa4f029296b97e43675101131b369a29dd486f6f9cd1fef
c72b40dc09749cc380491ebffca210c19004ebebc003e80b94852b23d0267a9b
f43ef0a7b6336e9e6eef6ee9f7049615c6b33b53d402d19fbb0b1575f6c2b1b4
+ 55 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/240920-qg8dnaxhqc/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/4612794d-01d4-4561-9018-892d94a2300f
Unpacked files
SH256 hash:
9b1cef8133525c22a21f69e5f313783483619051065f5450f46d94558ed1bd42
MD5 hash:
1c2f47d193b4565f85596a39e2e8fb80
SHA1 hash:
bc7d8917265a134846cb027687d5e8bae73c6cfb
Link:
https://www.unpac.me/results/23c7f8f6-a055-4fd9-89b0-9bd8dd5ca32f/
SH256 hash:
1d86c71e31f0690c2821365103529e10b9368bc63273eefd3869e3550d0a4570
MD5 hash:
a53a7a7ddfc1901ce9d9ead993bad1fb
SHA1 hash:
d9fd6515664d9d42db69b09ff1185f1c3201d93f
Link:
https://www.unpac.me/results/23c7f8f6-a055-4fd9-89b0-9bd8dd5ca32f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1d86c71e31f0690c2821365103529e10b9368bc63273eefd3869e3550d0a4570

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:zbot
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/prg/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
SECURITY_BASE_APIUses Security Base APIadvapi32.dll::DuplicateToken

Comments