MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4537ddae449e5d460e3c18f33fdbe2d72321700200426dec253f1c9813470a57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


VMZeuS


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4537ddae449e5d460e3c18f33fdbe2d72321700200426dec253f1c9813470a57
SHA3-384 hash: 780bad563945c9c8812d69fe0edb38c9517acafd387678804e7d52d7e706dbc64dead2f1a12bcba34b10d1af9f3dfa3a
SHA1 hash: a2f79bd38e99e7cc2e03d6cf62ddbdb3707d6da6
MD5 hash: 5c8df4e2f2ea5b69f1c6b65f7b6f73c0
humanhash: saturn-arizona-princess-nebraska
File name:bot.exe
Download: download sample
Signature VMZeuS
Create hunting rule
File size:141'312 bytes
First seen:2021-03-03 15:14:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1c2489367a741a394ef5f46c06397c1b (2 x VMZeuS, 1 x ZeuS)
ssdeep 3072:/caqyte62V77snHLLxtkyaXOqdPNbnhW4IxZx5kCZuubFrhU1wKKrONmm:/caBt477snHR/Y7PNNW4IxZ7zbC0rONH
Threatray 126 similar samples on MalwareBazaar
TLSH A9D3AF677480A0B2C5A73671AEA9B22563FFDD3427399C83E3980D6D25B1893731E347
Reporter JAMESWT_WT
Tags:vmzeus

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
bot.exe
Verdict:
Malicious activity
Analysis date:
2021-03-03 14:52:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/24d3319a-927d-4588-b703-7ab1e6dcbad5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Zeus
Create hunting rule
Link:
https://www.capesandbox.com/analysis/121346/
Detection(s):
Win.Spyware.Zbot-1275
Create hunting rule

Win.Trojan.Zeus-6412294-0
Create hunting rule

Win.Trojan.Zbot-45091
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
ZeusVM
Create hunting rule
Detection:
malicious
Classification:
bank.troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/626141
Signature
Antivirus / Scanner detection for submitted sample
Contains VNC / remote desktop functionality (version string found)
Detected ZeusVM e-Banking Trojan
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4537ddae449e5d460e3c18f33fdbe2d72321700200426dec253f1c9813470a57/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2013-10-01 01:56:00 UTC
File Type:
PE (Exe)
AV detection:
47 of 48 (97.92%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd
VMZeuS
0a98d7b4d1079a8819a6bd0898de2e00a5598c1e5233aa095bea36a18353b4bb
VMZeuS
277371d2f69231c4beced4f5898f2a6bd57f1fe7488e50decc6e7ea63ad5677f
VMZeuS
34b5489e0ec8a910e23c438abd532e63246597152ec0e14050c16461eac6baad
VMZeuS
4763270a84a8a6d756eaf4b5d9ed3b6a0e9e254c682f075a5338247dca3403a3
VMZeuS
61b0aa94dc56585b7255398cd755e9db6fedd5b06ebca386b2dc5fddc8cf5478
VMZeuS
80e91c0ded60f7e85fbcba6239d2969c0910be5e0a5107a7f843ed2b30fb0ff9
VMZeuS
c980ee1107a12c2da7f71e10b3808e1c60481b1eb9d253ca3b387e5cb246ab50
VMZeuS
d03339104a85a196ea98e3caebda458931f2af281e5ed93f867d8caf1b157726
VMZeuS
f473938086334f7e6877e53b350339f11cfcc87ba10ec04a17bccfdf4d47a301
VMZeuS
+ 116 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/210303-396rl3l7ja/
Behaviour
Modifies Internet Explorer settings
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
4537ddae449e5d460e3c18f33fdbe2d72321700200426dec253f1c9813470a57
MD5 hash:
5c8df4e2f2ea5b69f1c6b65f7b6f73c0
SHA1 hash:
a2f79bd38e99e7cc2e03d6cf62ddbdb3707d6da6
Detections:
win_zeus_auto
Create hunting rule
Link:
https://www.unpac.me/results/dc444d82-6daa-4e85-b25b-0987198cf43d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Zbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4537ddae449e5d460e3c18f33fdbe2d72321700200426dec253f1c9813470a57

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

VMZeuS

Executable exe 4537ddae449e5d460e3c18f33fdbe2d72321700200426dec253f1c9813470a57

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/121346/
  
URLhaus
https://urlhaus.abuse.ch/url/1044565/
  
Delivery method
Distributed via web download

Comments