MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 277371d2f69231c4beced4f5898f2a6bd57f1fe7488e50decc6e7ea63ad5677f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Add tag Delete this sample Report a False Positive

SHA256 hash: 277371d2f69231c4beced4f5898f2a6bd57f1fe7488e50decc6e7ea63ad5677f
SHA3-384 hash: dae5af8bb69941070b2377af41a0fbe21e6d1c1095f543cffb87a7fb2032ddc6d9f425ba842dd0cf1884e0596c52afe5
SHA1 hash: f77cf9bb93945feb70c2519debbfbaec476156f3
MD5 hash: 6c7e2255031fdbb8efd157c2b4179319
humanhash: iowa-black-bravo-mississippi
File name:277371d2f69231c4beced4f5898f2a6bd57f1fe7488e50decc6e7ea63ad5677f
Download: download sample
Signature ZeuS
Create hunting rule
File size:141'824 bytes
First seen:2021-02-28 15:34:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3109dcd15fd9962082a2ee5da8d7b1e7 (1 x ZeuS)
ssdeep 3072:qoOfm/6UGHsQQMZa0EuNcFsC+5gvVgb1CztHnh73Yrx76hQB:qoOfGgLQMEuNclvVgb1CQrxKQB
Threatray 128 similar samples on MalwareBazaar
TLSH 27D3B0677480A0F3C96726719A6D773563FFCD3426399C83E3184E292976892B31E34B
Reporter @tildedennis
Tags:uncategorized ZeuS


Twitter
@tildedennis
uncategorized version 3.3.3.3

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'636
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
277371d2f69231c4beced4f5898f2a6bd57f1fe7488e50decc6e7ea63ad5677f
Verdict:
Malicious activity
Analysis date:
2021-02-28 15:36:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d5551bf7-f8d3-4687-b1ba-36beeb4b917e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Zeus
Create hunting rule
Link:
https://www.capesandbox.com/analysis/120017/
Detection(s):
Win.Spyware.Zbot-1275
Create hunting rule

Win.Trojan.Zeus-6412294-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
ZeusVM
Create hunting rule
Detection:
malicious
Classification:
bank.troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/621384
Signature
Antivirus / Scanner detection for submitted sample
Contains VNC / remote desktop functionality (version string found)
Detected ZeusVM e-Banking Trojan
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Create hunting rule
Link:
https://mwdb.cert.pl/sample/277371d2f69231c4beced4f5898f2a6bd57f1fe7488e50decc6e7ea63ad5677f/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2011-08-08 04:23:00 UTC
AV detection:
42 of 48 (87.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://www.spamhaus.org/query/hash/e5zxduxwsiy4jpwo2t2ytdzknpkx6h7hjchfbxwmnz7kmowvm57q._file
Verdict:
malicious
Similar samples:
06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd
ZeuS
0a98d7b4d1079a8819a6bd0898de2e00a5598c1e5233aa095bea36a18353b4bb
ZeuS
34b5489e0ec8a910e23c438abd532e63246597152ec0e14050c16461eac6baad
ZeuS
4763270a84a8a6d756eaf4b5d9ed3b6a0e9e254c682f075a5338247dca3403a3
ZeuS
5c3bde59fa48471670841beba658fc9cfe707fac64b4b7f8446dd51a7706d133
ZeuS
61b0aa94dc56585b7255398cd755e9db6fedd5b06ebca386b2dc5fddc8cf5478
ZeuS
80e91c0ded60f7e85fbcba6239d2969c0910be5e0a5107a7f843ed2b30fb0ff9
ZeuS
d1c4be3772ebe6d26f06e3e38ae667c3236e1f13658e652eed0aa14dac5f45f0
ZeuS
e4cd3a3bbf851aea2645ff32eeb8fbe177b79bf8149737c52acb413b2ff13eb6
ZeuS
f473938086334f7e6877e53b350339f11cfcc87ba10ec04a17bccfdf4d47a301
ZeuS
+ 118 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/210228-72k3n3tdhn/
Behaviour
Modifies Internet Explorer settings
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
277371d2f69231c4beced4f5898f2a6bd57f1fe7488e50decc6e7ea63ad5677f
MD5 hash:
6c7e2255031fdbb8efd157c2b4179319
SHA1 hash:
f77cf9bb93945feb70c2519debbfbaec476156f3
Link:
https://www.unpac.me/results/751213e3-db74-474a-9ba8-e3c11ec90bf1/
AV coverage:
87.50%
AV detections:
63 / 72
Link:
https://www.virustotal.com/gui/file/277371d2f69231c4beced4f5898f2a6bd57f1fe7488e50decc6e7ea63ad5677f/detection/f-277371d2f69231c4beced4f5898f2a6bd57f1fe7488e50decc6e7ea63ad5677f-1590376443
Threat name:
Zbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/277371d2f69231c4beced4f5898f2a6bd57f1fe7488e50decc6e7ea63ad5677f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/uncategorized/
Cape
Cape
https://www.capesandbox.com/analysis/120017/

Comments