MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c5989776f8b71addd09414405bc9fc63e78b7fdf050015e3474df0f06a478ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara 1 Comments

SHA256 hash: 4c5989776f8b71addd09414405bc9fc63e78b7fdf050015e3474df0f06a478ca
SHA3-384 hash: a509718d63c538b4def8b14470a7cd814751428b3a7c3b87b3ff50e46f27459f9269457850993ea8e30da2ef8ed68d82
SHA1 hash: c5f7a0d97cdb9de9bde034a445f708eaa0c382b9
MD5 hash: 8b816b8777c453feed6e655f768c0caa
humanhash: stairway-delaware-whiskey-magnesium
File name:zeus 1_1.3.1.7.vir
Download: download sample
Signature ZeuS
File size:130'560 bytes
First seen:2020-07-19 19:35:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ab29deafeca6064bfc54a8bfc762b66f
ssdeep 3072:jU6AhKrVqfD5a10rxcB1zp9Y+qWXB+/YNet1:jU69iDo1zpgX
TLSH 27D3E186BD6C15ABC5DF27312CBB16168F90C46E566FD9013ACEDBDA0E892D6004F3E4
Reporter @tildedennis
Tags:ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.3.1.7

Intelligence


File Origin
# of uploads :
1
# of downloads :
20
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Gathering data
Detection(s):
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.spyw.evad
Score:
92 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2011-07-10 05:58:00 UTC
AV detection:
27 of 30 (90.00%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Drops file in System32 directory
Modifies WinLogon for persistence
Threat name:
Unknown
Score:
1.00

Yara Signatures


Rule name:win_zeus_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments