MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c91e90a547e598c68f6ab7a607149e53872feac28386ffc3bea8d00fd1abed6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 5c91e90a547e598c68f6ab7a607149e53872feac28386ffc3bea8d00fd1abed6
SHA3-384 hash: 38f99556efce7b7896f1697e734c74008a39044f7c0cee59e29f6d3e29d691636be534c5a7644b2433c8506bb95278fc
SHA1 hash: 49a6245c789982f3e6b425dfd6878dc45f388594
MD5 hash: 66213afc42b9176391f5a1abe6787b45
humanhash: speaker-west-nine-stairway
File name:zeus 1_1.2.4.2.vir
Download: download sample
Signature ZeuS
File size:160'768 bytes
First seen:2020-07-19 19:46:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash abedd3db3def732e4a4682d261a43882
ssdeep 3072:ztTuduxLiGy9xbhBzHnb3hrFGcHknIhqOQilRWkXbLrL:zBhiJ97BzHb3acEIhqcymbz
TLSH 52F3F194BAD4C172D41188F5CD01E9BBBA253FB0BD5650437AA5FF8E38B26C1A32447B
Reporter @tildedennis
Tags:ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.4.2

Intelligence


File Origin
# of uploads :
1
# of downloads :
34
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2011-06-15 15:37:00 UTC
AV detection:
29 of 31 (93.55%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of SetThreadContext
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments