MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5326134c6251c08ea874332464a9aba3a8a1328b042a1ce3b8c51b0407e4fcf5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 5326134c6251c08ea874332464a9aba3a8a1328b042a1ce3b8c51b0407e4fcf5
SHA3-384 hash: d4cf7c0cd903590aff2133e782d10e9eda3fc30e3916a33a0f04860b3e9d60db7108448850804658a9c84ee8479ed2ce
SHA1 hash: b3aef29032d69ffb494737f202a838626ad5c7d7
MD5 hash: 428ca9c5eaf061219abf83bf1463913e
humanhash: grey-autumn-idaho-mexico
File name:zeus 2_2.0.7.0.vir
Download: download sample
Signature ZeuS
File size:155'136 bytes
First seen:2020-07-19 19:22:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8696bbd5f85c650798e9e0d8eca33bc5
ssdeep 3072:5VHUf9LkzJKU5JsDid9VYFJtPVKONTU7OTjSC1QE+qCs4Pb:5Vy9uz4DidQNPVLpBTjzX+qCs4Pb
TLSH 87E301716D0DCBDAC55288FECC6B50F66AC27D3ED961925313A93F2EB2B484C105D09C
Reporter @tildedennis
Tags:ZeuS zeus 2


Twitter
@tildedennis
zeus 2 version 2.0.7.0

Intelligence


File Origin
# of uploads :
1
# of downloads :
19
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2011-07-03 18:16:00 UTC
AV detection:
30 of 31 (96.77%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments