MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51a5b26ec3238ab826baf519565e861b67e7db782dd3ee5e2058fc4931a52c40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 7



SHA256 hash: 51a5b26ec3238ab826baf519565e861b67e7db782dd3ee5e2058fc4931a52c40
SHA3-384 hash: 91d325af3655e176768484b1306f0b7cb23e31b6fc6293975bcd09e8ce5566c684f1a3c7c1cc9087c0f484eda09e0a9e
SHA1 hash: c46c7c0c6dafc64cb7e7112638a8962483382800
MD5 hash: 3a2fae0e8b886f60ee5248f23c633979
humanhash: wyoming-uncle-july-double
File name: zeus 1_1.2.1.10.vir
Signature: ZeuS
File size: 123'904 bytes
First seen: 2020-07-19 19:52:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e4b34e846eb126a5adc0923b4c3d192b (1 x ZeuS)
ssdeep: 3072:FO4rRon03/0FaXCELzOW8ArA5O80Oh+WDKCiHCS:I4rRo0PhLzO/yA5RpxHMt
Threatray: 220 similar samples on MalwareBazaar
TLSH: 97C312E5F6D8CE34D73543FE2049AAB4901374F365DF9332679E5E8A08284B49E18F91
Reporter: @tildedennis
Tags: zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.1.10

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Creating a file in the Windows subdirectories
Enabling the 'hidden' option for recently created files
Unauthorized injection to a system process
Enabling autorun
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2011-07-18 21:58:00 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Drops file in System32 directory
Modifies WinLogon for persistence

File information


The table below shows additional information about this malware sample such as delivery method and external references.
