MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24a1e4d82d8a6b9594aa9bc4d26df0f212c6b2cf48964fdd46cdad6c03782a1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24a1e4d82d8a6b9594aa9bc4d26df0f212c6b2cf48964fdd46cdad6c03782a1f
SHA3-384 hash: eb7d903c937776c9fc16551c429a36d664a33545ea41e2b8b04489dd3d63b69fb53de127381cc003d26fe0e7bd7db38e
SHA1 hash: 3c5e412f33bf8922a852655c1902b71b20a9e2dd
MD5 hash: e36b25830df4d73225aa84d6cdc73540
humanhash: timing-tennis-uncle-alpha
File name:24a1e4d82d8a6b9594aa9bc4d26df0f212c6b2cf48964fdd46cdad6c03782a1f
Download: download sample
Signature ZeuS
Create hunting rule
File size:238'577 bytes
First seen:2020-06-17 09:28:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9f965e238de315597d990bf81c19377f (1 x ZeuS)
ssdeep 6144:ht3mOOy8ILu9XDqVEQWmXr3klYS3w4xBaImy4aRawAjr1vth:GOj8I2XDsngWaGN4nAtv7
Threatray 496 similar samples on MalwareBazaar
TLSH 7A341287FFEE2BE9F8D2497090DDA51349F172550E6442ACD63556B32DE07E40382BCA
Reporter JAMESWT_WT
Tags:ZeuS

Code Signing Certificate

Organisation:VeriSign Time Stamping Services Signer - G2
Issuer:VeriSign Time Stamping Services CA
Algorithm:sha1WithRSAEncryption
Valid from:Jun 15 00:00:00 2007 GMT
Valid to:Jun 14 23:59:59 2012 GMT
Serial number: 3825D7FAF861AF9EF490E726B5D65AD5
Intelligence: 44 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 8815DFF787F21FA8106760CB89C5B4493F4BD45E2CE801D2A4FE1F61DEE0C039
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
136
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Zeus
Create hunting rule
Link:
https://www.capesandbox.com/analysis/19362/
Detection(s):
PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-4
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2014-07-30 18:21:00 UTC
File Type:
PE (Exe)
Extracted files:
9
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0d812586b239b0ce1c4f3f9347386c75e70ab098659c019e100160078b821aa5
ZeuS
0d96c8a11fe748d1258fc20378d3e354fd468dd7ba9d07670497024b6fb03406
ZeuS
233e70b105e8fe2f1e9a41b68f380359c8666cea3d9d587ec2ec823cdda2a330
ZeuS
3ee04e378f6430e85f5756093e80b243c2ebbcb9f2ee77cc32acd1cd9e333301
ZeuS
4763270a84a8a6d756eaf4b5d9ed3b6a0e9e254c682f075a5338247dca3403a3
ZeuS
5c3bde59fa48471670841beba658fc9cfe707fac64b4b7f8446dd51a7706d133
ZeuS
73acff9ea3647f699cd645b09e652ca498eea7c5cee9f3cb573afda67a0ceeb2
ZeuS
88303bec606c271a2db6fe1bb0945c7e79835203ff2d9ee629c1d9e3987ccaac
ZeuS
e4cd3a3bbf851aea2645ff32eeb8fbe177b79bf8149737c52acb413b2ff13eb6
ZeuS
f473938086334f7e6877e53b350339f11cfcc87ba10ec04a17bccfdf4d47a301
ZeuS
+ 486 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/200624-y7mlvjrs16/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Adds Run entry to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19362/

Comments