MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c91e90a547e598c68f6ab7a607149e53872feac28386ffc3bea8d00fd1abed6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 8



SHA256 hash: 5c91e90a547e598c68f6ab7a607149e53872feac28386ffc3bea8d00fd1abed6
SHA3-384 hash: 38f99556efce7b7896f1697e734c74008a39044f7c0cee59e29f6d3e29d691636be534c5a7644b2433c8506bb95278fc
SHA1 hash: 49a6245c789982f3e6b425dfd6878dc45f388594
MD5 hash: 66213afc42b9176391f5a1abe6787b45
humanhash: speaker-west-nine-stairway
File name: zeus 1_1.2.4.2.vir
Signature: ZeuS
File size: 160'768 bytes
First seen: 2020-07-19 19:46:33 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: abedd3db3def732e4a4682d261a43882 (1 x ZeuS)
ssdeep: 3072:ztTuduxLiGy9xbhBzHnb3hrFGcHknIhqOQilRWkXbLrL:zBhiJ97BzHb3acEIhqcymbz
Threatray: 126 similar samples on MalwareBazaar
TLSH: 52F3F194BAD4C172D41188F5CD01E9BBBA253FB0BD5650437AA5FF8E38B26C1A32447B
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter @tildedennis: zeus 1 version 1.2.4.2

Intelligence


File Origin
# of uploads: 1
# of downloads: 1'391
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2011-06-15 15:37:00 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of SetThreadContext

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments