MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c5989776f8b71addd09414405bc9fc63e78b7fdf050015e3474df0f06a478ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 8



SHA256 hash: 4c5989776f8b71addd09414405bc9fc63e78b7fdf050015e3474df0f06a478ca
SHA3-384 hash: a509718d63c538b4def8b14470a7cd814751428b3a7c3b87b3ff50e46f27459f9269457850993ea8e30da2ef8ed68d82
SHA1 hash: c5f7a0d97cdb9de9bde034a445f708eaa0c382b9
MD5 hash: 8b816b8777c453feed6e655f768c0caa
humanhash: stairway-delaware-whiskey-magnesium
File name: zeus 1_1.3.1.7.vir
Signature: ZeuS
File size: 130'560 bytes
First seen: 2020-07-19 19:35:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ab29deafeca6064bfc54a8bfc762b66f (1 x ZeuS)
ssdeep: 3072:jU6AhKrVqfD5a10rxcB1zp9Y+qWXB+/YNet1:jU69iDo1zpgX
Threatray: 312 similar samples on MalwareBazaar
TLSH: 27D3E186BD6C15ABC5DF27312CBB16168F90C46E566FD9013ACEDBDA0E892D6004F3E4
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.3.1.7

Intelligence


File Origin
# of uploads: 1
# of downloads: 349
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Gathering data
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name: Unknown
Detection: malicious
Classification: troj.spyw.evad
Score: 92 / 100
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2011-07-10 05:58:00 UTC
AV detection: 27 of 30 (90.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Drops file in System32 directory
Modifies WinLogon for persistence

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:WHITE rules are displayed.

Rule name: win_zeus_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments