MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51a5b26ec3238ab826baf519565e861b67e7db782dd3ee5e2058fc4931a52c40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence File information Yara Comments

SHA256 hash:	51a5b26ec3238ab826baf519565e861b67e7db782dd3ee5e2058fc4931a52c40
SHA3-384 hash:	91d325af3655e176768484b1306f0b7cb23e31b6fc6293975bcd09e8ce5566c684f1a3c7c1cc9087c0f484eda09e0a9e
SHA1 hash:	c46c7c0c6dafc64cb7e7112638a8962483382800
MD5 hash:	3a2fae0e8b886f60ee5248f23c633979
humanhash:	wyoming-uncle-july-double
File name:	zeus 1_1.2.1.10.vir
Download:	download sample
Signature	ZeuS
File size:	123'904 bytes
First seen:	2020-07-19 19:52:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e4b34e846eb126a5adc0923b4c3d192b
ssdeep	3072:FO4rRon03/0FaXCELzOW8ArA5O80Oh+WDKCiHCS:I4rRo0PhLzO/yA5RpxHMt
TLSH	97C312E5F6D8CE34D73543FE2049AAB4901374F365DF9332679E5E8A08284B49E18F91
Reporter	@tildedennis
Tags:	zeus 1

@tildedennis

zeus 1 version 1.2.1.10

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Mail intelligence

No data

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28435/

Detection(s):

PUA.Win.Packer.D1s1g-5
PUA.Win.Packer.D1s1g-1
PUA.Win.Packer.D1s1g-2
Win.Trojan.Zbot-33618

Result

Verdict:

Malware

Maliciousness:

Behaviour

Unauthorized injection to a recently created process

Creating a file in the Windows subdirectories

Enabling the 'hidden' option for recently created files

Unauthorized injection to a system process

Enabling autorun

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/390703

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/51a5b26ec3238ab826baf519565e861b67e7db782dd3ee5e2058fc4931a52c40/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2011-07-18 21:58:00 UTC

AV detection:

30 of 31 (96.77%)

Threat level

5/5

Result

Malware family:

n/a

Score:

10/10

Tags:

persistence

Link:

https://tria.ge/reports/200719-ttjy2p5ay6/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Program crash

Suspicious use of SetThreadContext

Drops file in System32 directory

Modifies WinLogon for persistence

AV coverage:

83.56%

AV detections:

61 / 73

Link:

https://www.virustotal.com/gui/file/51a5b26ec3238ab826baf519565e861b67e7db782dd3ee5e2058fc4931a52c40/detection/f-51a5b26ec3238ab826baf519565e861b67e7db782dd3ee5e2058fc4931a52c40-1583150472

Threat name:

Unknown

Score:

1.00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 1/

Cape

https://www.capesandbox.com/analysis/28435/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample