MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41ea373c7a57eb0c9103d7b4edb4cc2a381f80cfff02dfe704f851ae8722853e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	41ea373c7a57eb0c9103d7b4edb4cc2a381f80cfff02dfe704f851ae8722853e
SHA3-384 hash:	e93c004ae93e151023444fd4623048d4432722aae1f69a861e7182952f4c57c52ebd82e09bc809436373d969e2804d69
SHA1 hash:	d9bdddec5dfaa40d07b437843d95f3dbc8f7bd3d
MD5 hash:	ab2a53cdd738d64f58f878a1d7b39355
humanhash:	jig-foxtrot-pasta-butter
File name:	zeus 2_2.0.9.5.vir
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	182'784 bytes
First seen:	2020-07-19 19:28:43 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ee01196d0de65dd6bce39142565b16ce (1 x ZeuS)
ssdeep	3072:SyCeKU2KO8H2QBFs+ygzA5nK722dNYF+7sMFD2vJSCj5kl1reE:S1eK9KZVBpzA5nKS2d7zIvoA5Q1reE
Threatray	128 similar samples on MalwareBazaar
TLSH	6E04F136BCC4E031D55885B16F7A9D7B993FA5144326229F27C66648CCF12B0EF0B16B
Reporter	tildedennis
Tags:	ZeuS zeus 2

tildedennis

zeus 2 version 2.0.9.5

Intelligence

File Origin

# of uploads :

# of downloads :

244

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Zeus

Link:

https://www.capesandbox.com/analysis/28202/

Detection(s):

PUA.Win.Packer.BorlandCpp-9

SecuriteInfo.com.Win32.Cryptor.8690.21588.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Connection attempt to an infection source

Result

Threat name:

ZeusVM

Detection:

malicious

Classification:

bank.troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/390271

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/41ea373c7a57eb0c9103d7b4edb4cc2a381f80cfff02dfe704f851ae8722853e/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2013-07-04 11:41:00 UTC

AV detection:

28 of 31 (90.32%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ihvdopd2k7vqzeid262o3ngmfi4b7agp74bn7zye7bi25bzcqu7a._file

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/200719-346e7y9ttx/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Deletes itself

Loads dropped DLL

Adds policy Run key to start application

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/41ea373c7a57eb0c9103d7b4edb4cc2a381f80cfff02dfe704f851ae8722853e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 2/

Cape

https://www.capesandbox.com/analysis/28202/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample