MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26da38192a595e7c444ed150dfea0671156f3721e8c0ba4608afe405f62c5525. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 26da38192a595e7c444ed150dfea0671156f3721e8c0ba4608afe405f62c5525
SHA3-384 hash: a694095ec0286848f976ac8d4b875f0f939de1c9569a570161b00518127c8e225f1a9fdbc278f21b4db52ab0d3ecd40d
SHA1 hash: 250b7c4e03094da5b2bb8cd49ba57065ce188bc7
MD5 hash: ab487e4eb8eddcac9fd6bcec1abdc026
humanhash: mirror-sixteen-red-vermont
File name:uncategorized_3.0.0.5.vir
Download: download sample
Signature ZeuS
Create hunting rule
File size:292'077 bytes
First seen:2020-07-19 19:31:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7d045f1a37c506e7f8f57ba9012187e3 (1 x ZeuS)
ssdeep 3072:E/hCI/6nz5y0v+ux6bCwJujTLUzReX1jS3mu8zmsME/AencwRfBRq1:chx3y6LsHy64+qVYAw1g
Threatray 10 similar samples on MalwareBazaar
TLSH 4C54B5239B726CD2F59052B2C9C91FA5705BBF319578F08E6F3025CF41A92E8AF5311A
Reporter tildedennis
Tags:uncategorized ZeuS


Avatar
tildedennis
uncategorized version 3.0.0.5

Intelligence

File Origin
# of uploads :
1
# of downloads :
317
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Zeus
Create hunting rule
Link:
https://www.capesandbox.com/analysis/28225/
Detection(s):
SecuriteInfo.com.Win32.Cryptor.26638.1247.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/26da38192a595e7c444ed150dfea0671156f3721e8c0ba4608afe405f62c5525/
Threat name:
Win32.Trojan.Zbot
Create hunting rule
Status:
Malicious
First seen:
2014-12-12 22:05:00 UTC
AV detection:
29 of 30 (96.67%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
02b60a23298127408b70ac29f643ffa7c0acaf3fe359cb2a1e44fd6eb9680c64
ZeuS
0c86b7ceab16758dd8095aaceaf939cecb1c533d7389a60285bcae4e6b4896ae
ZeuS
260507c5490ea3272f9d11afc20323065a6ed5af06311c3b115ee91455b0b26b
ZeuS
4c26d9cbfa013795a0f2449f5a8c5bf3c880d4292d6ee2218f7a0520aff6b1ac
ZeuS
5feefba742eecb4eb287261d0d1b3ffa2a44535d88496edbc85f15975a471eaa
ZeuS
ba18496e32559ad12e6a0fbe8716b40a793259681507eaffb66a3abe98941c5b
ZeuS
c1f19b8a34c3d0cd5b0133fbc9f61f72d1469fee30d71ee825a2bf3c72f52932
ZeuS
c3ca6a64f95f07e7557eb0ed7968c7d7bf735b08478f517061542059930bbf32
ZeuS
dfdaf9167fa989d120f85a1d5c6433dd5c6834e8f239bc005b1134b6987eed9a
ZeuS
ec4f62108a0efc101539e57198ffffaac7be084e792b43daeb4561881c0fc2f2
ZeuS
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200719-xv2jxxdtgs/
Behaviour
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Deletes itself
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/26da38192a595e7c444ed150dfea0671156f3721e8c0ba4608afe405f62c5525

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/uncategorized/
Cape
Cape
https://www.capesandbox.com/analysis/28225/

Comments