MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55412a1f909695ad8ec22a5302142a4c9194bd4c2de98672d41953b620bc2e27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 55412a1f909695ad8ec22a5302142a4c9194bd4c2de98672d41953b620bc2e27
SHA3-384 hash: 36f57066f8d52eddee83b023475abbd8ce07cab595ec1bb13dffbbdfc4f028c1abe6073d666ef3a51087ed5286ff44ef
SHA1 hash: d37159f02d5c6ab273edb92eb159f05d286c9d0a
MD5 hash: 16374c7a87c60d8c0faefcc168785af6
humanhash: carbon-finch-shade-rugby
File name:zeus 2_2.0.4.0.vir
Download: download sample
Signature ZeuS
File size:202'274 bytes
First seen:2020-07-19 17:14:26 UTC
Last seen:2020-07-19 19:13:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 45de74cc0535fec1de18d0fe854c4d4c
ssdeep 3072:ySBWedwMCxGLCGtyx1x1CQifypx60NPm2iKNlgBac:ySBWe2MCQGGb/qS0RmZSyBx
TLSH 4614B0373AA08263D4E876775FA0FE7205B7F40193A6892FA54194A49037AD7E307F27
Reporter @tildedennis
Tags:ZeuS zeus 2


Twitter
@tildedennis
zeus 2 version 2.0.4.0

Intelligence


File Origin
# of uploads :
2
# of downloads :
18
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Packed.Zbot
Status:
Malicious
First seen:
2016-06-11 01:25:38 UTC
AV detection:
31 of 31 (100.00%)
Threat level
  1/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Deletes itself
Executes dropped EXE
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments