MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59d215e8631c4aa870a530cc9bb75848740cb3b9e84efc11c76943761fc1c403. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 59d215e8631c4aa870a530cc9bb75848740cb3b9e84efc11c76943761fc1c403
SHA3-384 hash: dc1503e7bf843c54da180fc4d150e60ffc3a20dc6deaddd2cea1b001abff5903d9d252f390c248a624f8e82531bc50e4
SHA1 hash: bee1f02a167a1ece606d58bb31856f4bfb1bf57e
MD5 hash: a53287adf2c541213e4b457eddf907c1
humanhash: venus-beryllium-echo-mango
File name:zeus 1_1.4.1.1.vir
Download: download sample
Signature ZeuS
Create hunting rule
File size:81'920 bytes
First seen:2020-07-19 16:47:53 UTC
Last seen:2020-07-19 19:11:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 10752dac9de12da127a137030a847d9f (1 x ZeuS)
ssdeep 1536:5CeHGYKZFVdOxEyE5xYOvo7TYWoDQ14ipgVpM/q0KTteoMrBBrHNLeyAMRK5dFcB:5CVRsEyw/4UWeQj0poq9TttMdBZL+5dx
Threatray 27 similar samples on MalwareBazaar
TLSH 8A83E0A1CD2CE165FE960D74941BA3FAC03DCE501E485FA7C7A21906CC35E589EACE39
Reporter tildedennis
Tags:zeus 1


Avatar
tildedennis
zeus 1 version 1.4.1.1

Intelligence

File Origin
# of uploads :
3
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/27891/
Detection(s):
Win.Trojan.Agent-231150
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name:
Unknown
Detection:
malicious
Classification:
phis.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/389928
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/59d215e8631c4aa870a530cc9bb75848740cb3b9e84efc11c76943761fc1c403/
Threat name:
Win32.Spyware.Zbot
Create hunting rule
Status:
Malicious
First seen:
2016-12-25 14:07:29 UTC
AV detection:
40 of 48 (83.33%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
2ac75de577f6c316b9d8c0bc1ea53a99f07c229501ed142b0cbf33c9910d671a
ZeuS
4f86175e5500be87cc95ea9fcaf565970e15a86b2aa3223f8ef8d25e72cec376
ZeuS
51c6e8784fe2faa618b8b7df5df29d627c8070c8c793bec66df8449f8cff1e2d
ZeuS
51d91d2e7e9aeee2a291dc1f7eadd9e422d159aef4cf902ef9038d951527636f
ZeuS
5ecae17b09c610045bcd3d9daec1b89178b4b1e6cdb9d0a50285166888087d71
ZeuS
77ee7b0a10f3c0ab08c1b1f88ceb0dd979e9c2fee17ac5fd14c9ce27002f6078
ZeuS
a50c5d39fc21ccc51d78d76bbec723414f505f40a56961ac00b567ba0d5bda36
ZeuS
c5c5e59bb18bad1427714d0007b676e658d8e08faf5a0632ed88912f5816d525
ZeuS
c8e57eaa8b0fcdfa8cd3db86591975ed151c5e1751997a94fb0d9dddf62aecba
ZeuS
e2f55047a690ed67d5e3a5f90679576e3cca6ceac36bce39dc60b4748a176a09
ZeuS
+ 17 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/200719-zzrjd6gdnn/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Drops file in Windows directory
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in System32 directory
Suspicious use of SetThreadContext
Modifies WinLogon
Modifies WinLogon
Modifies WinLogon for persistence
Modifies WinLogon for persistence
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/59d215e8631c4aa870a530cc9bb75848740cb3b9e84efc11c76943761fc1c403

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/zeus 1/
Cape
Cape
https://www.capesandbox.com/analysis/27891/

Comments