MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b3d4395b0f5acd40bc20f4bf3930cbd14da3d240ad67f7ab9a65de0681e8742. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments

SHA256 hash: 5b3d4395b0f5acd40bc20f4bf3930cbd14da3d240ad67f7ab9a65de0681e8742
SHA3-384 hash: 5145109957e0757969842a0dcaf2c5875f67ebab8084a7a78a024115174b4ff937030443e3ae1de56c93f18df0834edd
SHA1 hash: e734bb114c2f47dc900d3a5a526db94f0b752ba0
MD5 hash: 2d2f0c7af61867cd84f2e419a62cef16
humanhash: mississippi-helium-autumn-bakerloo
File name:2d2f0c7af61867cd84f2e419a62cef16.bin
Download: download sample
Signature ZeuS
File size:120'320 bytes
First seen:2022-07-09 02:02:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0bf2acd23359b9e1b2b09733eb741a41 (1 x ZeuS)
ssdeep 3072:+Is+YKqkUGyV60eGb+DEAdYiHwKW6GGNk885qbh:+WYKqLeBddjHwrPGe88Ih
Threatray 128 similar samples on MalwareBazaar
TLSH T185C3023AC02F2D05F4507C3006EB52A8EB98FD925E1666DF5F4A500FBD16E91A9B025F
TrID 33.2% (.EXE) Win32 Executable (generic) (4505/5/1)
22.1% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
14.9% (.EXE) OS/2 Executable (generic) (2029/13)
14.7% (.EXE) Generic Win/DOS Executable (2002/3)
14.7% (.EXE) DOS Executable Generic (2000/1)
Reporter @tildedennis
Tags:exe ZeuS zeus 2


Twitter
@tildedennis
zeus 2 version 2.0.8.0

Intelligence


File Origin
# of uploads :
1
# of downloads :
475
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
overlay packed panda ramnit zbot
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection:
malicious
Classification:
bank.troj.evad
Score:
92 / 100
Signature
Antivirus / Scanner detection for submitted sample
Contains VNC / remote desktop functionality (version string found)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Detected ZeusVM e-Banking Trojan
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zeus
Status:
Malicious
First seen:
2011-06-12 19:25:00 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
28 of 30 (93.33%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
5f1d5f5901d483d057c74841d2380221ef8da68df672a75e389acdfeb4dcc8aa
MD5 hash:
59f0173740ff859fa576bd15c505f6e7
SHA1 hash:
1e4ea5e07f453b93e74e73b139eeef4c97602d9e
SH256 hash:
5b3d4395b0f5acd40bc20f4bf3930cbd14da3d240ad67f7ab9a65de0681e8742
MD5 hash:
2d2f0c7af61867cd84f2e419a62cef16
SHA1 hash:
e734bb114c2f47dc900d3a5a526db94f0b752ba0

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments