MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c91e90a547e598c68f6ab7a607149e53872feac28386ffc3bea8d00fd1abed6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence File information Yara Comments

SHA256 hash:	5c91e90a547e598c68f6ab7a607149e53872feac28386ffc3bea8d00fd1abed6
SHA3-384 hash:	38f99556efce7b7896f1697e734c74008a39044f7c0cee59e29f6d3e29d691636be534c5a7644b2433c8506bb95278fc
SHA1 hash:	49a6245c789982f3e6b425dfd6878dc45f388594
MD5 hash:	66213afc42b9176391f5a1abe6787b45
humanhash:	speaker-west-nine-stairway
File name:	zeus 1_1.2.4.2.vir
Download:	download sample
Signature	ZeuS
File size:	160'768 bytes
First seen:	2020-07-19 19:46:33 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	abedd3db3def732e4a4682d261a43882
ssdeep	3072:ztTuduxLiGy9xbhBzHnb3hrFGcHknIhqOQilRWkXbLrL:zBhiJ97BzHb3acEIhqcymbz
TLSH	52F3F194BAD4C172D41188F5CD01E9BBBA253FB0BD5650437AA5FF8E38B26C1A32447B
Reporter	@tildedennis
Tags:	ZeuS zeus 1

@tildedennis

zeus 1 version 1.2.4.2

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Mail intelligence

No data

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28379/

Detection(s):

PUA.Win.Packer.Pseudosigner-30
PUA.Win.Packer.Armadillo-66
PUA.Win.Packer.Armadillo-70
Win.Trojan.Buzus-7330

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending an HTTP GET request

Creating a file in the %temp% subdirectories

Reading critical registry keys

Creating a file

Deleting a recently created file

Reading Telegram data

Running batch commands

Creating a process with a hidden window

Launching a process

Sending a TCP request to an infection source

Stealing user critical data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/390594

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5c91e90a547e598c68f6ab7a607149e53872feac28386ffc3bea8d00fd1abed6/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2011-06-15 15:37:00 UTC

AV detection:

29 of 31 (93.55%)

Threat level

5/5

Detection(s):

Malicious file

Link:

https://www.spamhaus.org/query/hash/lsi6scsupzmyy2hwvn5ga4kj4u4hf7vmfa4g77b35kgqb7i2x3la._file

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/200719-zqc3lm53bn/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Program crash

Suspicious use of SetThreadContext

AV coverage:

84.51%

AV detections:

60 / 71

Link:

https://www.virustotal.com/gui/file/5c91e90a547e598c68f6ab7a607149e53872feac28386ffc3bea8d00fd1abed6/detection/f-5c91e90a547e598c68f6ab7a607149e53872feac28386ffc3bea8d00fd1abed6-1581999136

Threat name:

Unknown

Score:

1.00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 1/

Cape

https://www.capesandbox.com/analysis/28379/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample