MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5969cc370c2929ff7126536d7305f923a2ed66427932ede1b6ef21a7918c9b53. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 8



SHA256 hash: 5969cc370c2929ff7126536d7305f923a2ed66427932ede1b6ef21a7918c9b53
SHA3-384 hash: 0ddac71b5d6c1289af86e621a202ba89aa5efc69c07e0f41b97fe1ba3ebaeb205db1ffa282083fc3482559ed0a99880c
SHA1 hash: 41d627d46dd3916868b6c843f23925966f091d53
MD5 hash: 4ba952b428c9969263f5d346f4500ae3
humanhash: east-sierra-connecticut-artist
File name: zeus 1_1.2.4.8.vir
Signature ZeuS
File size: 1'120'768 bytes
First seen: 2020-07-19 16:48:01 UTC
Last seen: 2020-07-19 19:11:43 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 3c962f692c5beb92fd79c36beb473c1b (1 x ZeuS)
ssdeep 24576:5VoB24KyIHFlLiVVAyjk5TvZwUczckGRRO5mVUqu3PdkY:5V++yasVV1jk5FwtR18u1kY
Threatray 65 similar samples on MalwareBazaar
TLSH F6353302F1A34C3BD5DB6439F622CEA6CA522F98E402CB4917A987CF9C7E79C574D901
Reporter @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.4.8

Intelligence


File Origin
# of uploads: 3
# of downloads: 62
Origin country: US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2011-09-11 17:35:00 UTC
AV detection: 22 of 25 (88.00%)
Threat level: 2/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in System32 directory
Modifies WinLogon for persistence

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments