MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51a5b26ec3238ab826baf519565e861b67e7db782dd3ee5e2058fc4931a52c40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 51a5b26ec3238ab826baf519565e861b67e7db782dd3ee5e2058fc4931a52c40
SHA3-384 hash: 91d325af3655e176768484b1306f0b7cb23e31b6fc6293975bcd09e8ce5566c684f1a3c7c1cc9087c0f484eda09e0a9e
SHA1 hash: c46c7c0c6dafc64cb7e7112638a8962483382800
MD5 hash: 3a2fae0e8b886f60ee5248f23c633979
humanhash: wyoming-uncle-july-double
File name:zeus 1_1.2.1.10.vir
Download: download sample
Signature ZeuS
File size:123'904 bytes
First seen:2020-07-19 19:52:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e4b34e846eb126a5adc0923b4c3d192b
ssdeep 3072:FO4rRon03/0FaXCELzOW8ArA5O80Oh+WDKCiHCS:I4rRo0PhLzO/yA5RpxHMt
TLSH 97C312E5F6D8CE34D73543FE2049AAB4901374F365DF9332679E5E8A08284B49E18F91
Reporter @tildedennis
Tags:zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.1.10

Intelligence


File Origin
# of uploads :
1
# of downloads :
35
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Creating a file in the Windows subdirectories
Enabling the 'hidden' option for recently created files
Unauthorized injection to a system process
Enabling autorun
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2011-07-18 21:58:00 UTC
AV detection:
30 of 31 (96.77%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Drops file in System32 directory
Modifies WinLogon for persistence
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments