MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d30ed2b7cef34f949333c193626d07d47940869f07cb4ad5f068a8dcd2b9f38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 2d30ed2b7cef34f949333c193626d07d47940869f07cb4ad5f068a8dcd2b9f38
SHA3-384 hash: d8b658389d6897f05b16c1cc213f9442dc0292fc099d8f5efe84d04623b9917ed5a97ca701319efe8862546a4aabe90b
SHA1 hash: 699e00df86317ba464b5e11510472f5440c88f37
MD5 hash: 302c0223b72b07a68b20ade44e0d6820
humanhash: maryland-twelve-coffee-carbon
File name: 2d30ed2b7cef34f949333c193626d07d47940869f07cb4ad5f068a8dcd2b9f38
File size: 60'416 bytes
First seen: 2020-08-23 21:55:05 UTC
Last seen: Never
File type: Executable exe
MIME type:application/x-dosexec
imphash: 605d9b37cac7aa3d729707fd0661361c
ssdeep: 1536:THf3oMv4PJbt83wTJgWpevLtAhMzYz3Fbpbud3R3/lS:D/oMQVnTepCuzOudnS
Threatray: 55 similar samples on MalwareBazaar
TLSH: 0C4302FD9B18A4CACC8637B959E7E197B6075D594214B50A48C3B3D0AC9F6838378AC1
Reporter: tildedennis
Tags: zeus 1


tildedennis
zeus 1 version 1.2.0.7

Intelligence


File Origin
# of uploads: 1
# of downloads: 121
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Enabling the 'hidden' option for recently created files
Sending a UDP request
Unauthorized injection to a system process
Enabling autorun
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 100 / 100
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Changes memory attributes in foreign processes to executable or writable
Contains functionality to change the desktop window for a process (likely to hide graphical interactions)
Creates an undocumented autostart registry key
Detected unpacking (changes PE section rights)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2011-06-07 18:07:00 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments