MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3738a4a5fc512d44852ab90f7fe37e91159117e484176a06506f41e0db70eae3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	3738a4a5fc512d44852ab90f7fe37e91159117e484176a06506f41e0db70eae3
SHA3-384 hash:	953f4ff0bef51c763e6770d5dc7d228c0edf2f6a90e5ec8cf9e818fb14358b137312c1e9d4c964e948bec719fd835f98
SHA1 hash:	d8730c6489e16b35868b9787fb69b1e1b38cd201
MD5 hash:	ad4396666fa436dc0bedfa892a4e7a54
humanhash:	skylark-jig-mexico-eighteen
File name:	zeus 2_2.0.8.1.vir
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	176'205 bytes
First seen:	2020-07-19 19:48:01 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	d69c6479660f6fc7022a75a7d35f4ebe (1 x ZeuS)
ssdeep	3072:S52x+LafViDCATSUCZyuT0P1lyI4uIET2HDeJe/b9cTwFyd6/xpks1+1u3+XDgF:E2xCR/CEuTe1lyIbIpDhDGTwFyd6/x7X
Threatray	8 similar samples on MalwareBazaar
TLSH	E60423DB3ABE8242FE0153B138AEAC2A7F6F481F90511D56AB1C7345406C6C95D9A3DC
Reporter	tildedennis
Tags:	zeus 2

tildedennis

zeus 2 version 2.0.8.1

Intelligence

File Origin

# of uploads :

1

# of downloads :

132

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Detection(s):

PUA.Win.Packer.Pecompact-71

PUA.Win.Packer.Pecompact-74

PUA.Win.Packer.Pecompact-75

PUA.Win.Packer.ProtectSharewar-2

PUA.Win.Packer.ProtectSharewar-3

Win.Trojan.Zbot-26033

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a window

Unauthorized injection to a recently created process

Connection attempt to an infection source

Result

Threat name:

ZeusVM

Detection:

malicious

Classification:

bank.troj.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/390633

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3738a4a5fc512d44852ab90f7fe37e91159117e484176a06506f41e0db70eae3/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2011-07-12 12:21:00 UTC

AV detection:

23 of 25 (92.00%)

Threat level:

2/5

Verdict:

malicious

Label(s):

azorult

Similar samples:

0dece9fdaaf9fca84d4ea64f94e789ee03a7a7e663d138327c662c4fc23aa2bb

1a1b8083cfab8ef2963afb1d6f9007936962245e0b990b29e23e3cdb8595589e

1f3cb432fec1301eac03a16b40f08df0c29efd9e29b06f600581482a286d12f4

39c531db99d46a4b3906a41e6e1afdb2523106c795b11eecaf75bc3a1fbff57b

97877280bba9500fb1cb5d466a66337ff281c278339b089bcb661bbb342adcf1

ac8087b133a1022287bb8aad082e1fd0b669509289a5ef5f2e17714de7acfb5b

c0d2ceba24c17b069ad6198e0ec0e041e6a39115172d52126d414d5ec0b00487

eaca8287ec8d461a944da43f061dd197225ff77979c8acc7017bb1ea8301f3b7

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/200719-gtpq6lf8ba/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Suspicious use of SetThreadContext

Adds Run key to start application

Loads dropped DLL

Deletes itself

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3738a4a5fc512d44852ab90f7fe37e91159117e484176a06506f41e0db70eae3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 2/

Cape

Cape

https://www.capesandbox.com/analysis/28394/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample