MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c636aa59a3960bd98182fa2f3800453b4de5c758adbfb752e85e14ff52a24d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 5c636aa59a3960bd98182fa2f3800453b4de5c758adbfb752e85e14ff52a24d3
SHA3-384 hash: 96d21f943e0d22f2b9473345ad32d5e3e9b8ee689e4af0c7bb6e0006f4fbe3dc9c3aa63b5ae7b142ecbea04bfa1bf765
SHA1 hash: 2c6bba594d7ec78fec3f525934e37d008c0d24ca
MD5 hash: 33b580f686bb67b10b2f5ee478422ce5
humanhash: missouri-cold-nineteen-crazy
File name:zeus 1_1.2.12.0.vir
Download: download sample
Signature ZeuS
File size:108'544 bytes
First seen:2020-07-19 19:41:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9b4a865985da18ed1f5f89b46c8b51f7
ssdeep 3072:qKMD9yUWzeXnoj2/ZDCn/Dq5lfERymER2ElkwaM2Tz1eKDV:TMDEJzeXno0ZDCn/DqlHCz1eI
TLSH 84B3E09B3D2C0AEBD6CE17796E359E02C7E1C540013BA01479C1EECA8D9D9C91D9BBE1
Reporter @tildedennis
Tags:ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.12.0

Intelligence


File Origin
# of uploads :
1
# of downloads :
19
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2011-06-13 01:53:00 UTC
AV detection:
28 of 31 (90.32%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Drops file in System32 directory
Modifies WinLogon for persistence
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments