MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e938d05e96bcf2e22ef498e76f1ce469c6ec3a24f9d8f787eba07c11fb4b3ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 4e938d05e96bcf2e22ef498e76f1ce469c6ec3a24f9d8f787eba07c11fb4b3ad
SHA3-384 hash: 6e9f53a2fc72b65f98d07a2794b4e943f0e8afb010f6ca33654119a87b000539b3d90584d60060dbf1dbd79577c0c1ef
SHA1 hash: 532e9b56e45ca1655649b82c5f9ce6ba232c3d13
MD5 hash: e2149b52b54eecc1052e0d24bb0a5091
humanhash: early-angel-queen-quiet
File name: zeus 2_2.0.6.2.vir
Signature: ZeuS
File size: 114'176 bytes
First seen: 2020-07-19 17:15:30 UTC
Last seen: 2020-07-19 19:13:37 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e918cd690a58315e1520daa5af6e55dc
ssdeep: 3072:IGHw8w5x3BWTWE5i2Uq7pxI4ao4U/aw03v:JQ9BIzUUpxh38v
TLSH: A1B3024FB3A16F47D49A9C365419A60F9E58F72403B4CBD70AE4A24DBC9A1C2CF3E415
Reporter: @tildedennis
Tags: ZeuS zeus 2


Twitter
@tildedennis
zeus 2 version 2.0.6.2

Intelligence


File Origin
# of uploads: 2
# of downloads: 19
Origin country: US
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Hacktool.CeeInject
Status: Malicious
First seen: 2013-02-25 07:10:00 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 1/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments