MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ffa867ac4050f771867737d104be2bf68ec9e51638b5005a6cd013ddbaba085. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5ffa867ac4050f771867737d104be2bf68ec9e51638b5005a6cd013ddbaba085
SHA3-384 hash: dfa77ac5b8030f3a13222800be14f13fd9b0b4e172cc398ec676b0948271f1c2ff78bf15532f731702f8024337d109cf
SHA1 hash: 08f432ece582f4eaf84dab3c0fd8dd5e6e9f1555
MD5 hash: c4e45a5e13dbafa2e5ec5dae4a998303
humanhash: timing-lemon-winner-alanine
File name: vmzeus_3.2.9.1.vir
Signature: ZeuS
File size: 233'984 bytes
First seen: 2020-07-19 19:34:38 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7c39367f1c037876657cf79276d3306f
ssdeep: 3072:v9yMV7Z3nCa4cYwQqOvPCna1KpCdBGZmqaTVfBz/qj1i3qquq0N+Wz4fC7zzZhP:v917ZT4cfy7KpmB0aTVfBzAyqfF+C7nL
TLSH: B734CF23B9859CB6C9A22174AA9E777762FBCD3424398C43D3D81C1A6872993733D347
Reporter: @tildedennis
Tags: vmzeus ZeuS


Twitter (@tildedennis): vmzeus version 3.2.9.1

Intelligence


File Origin
# of uploads: 1
# of downloads: 22
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness: (not given)
Behaviour:
  Creating a window
  Unauthorized injection to a recently created process
  Connection attempt to an infection source

Result
Threat name: ZeusVM
Detection: malicious
Classification: bank.troj.evad
Score: 100 / 100
Behaviour
Behavior Graph (ID 247391; sample vmzeus_3.2.9.1.vir; start date 20/07/2020; architecture WINDOWS; score 100):
Signatures on the submitted sample: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Detected ZeusVM e-Banking Trojan; 2 other signatures
Process tree:
  vmzeus_3.2.9.1.exe (started)
    network: 3.2.9.1 (AMAZON-02US, United States)
    dropped: C:\Users\user\AppData\...\startMozilla.exe (MS-DOS); C:\Users\user\AppData\...\tmpc9ac0552.bat (DOS)
    signatures: Detected ZeusVM e-Banking Trojan; Drops batch files with force delete cmd (self deletion); Drops executable to a common third party application directory
    startMozilla.exe (started)
      network: fxj.su
      signatures: Antivirus detection for dropped file; Detected ZeusVM e-Banking Trojan; Machine Learning detection for dropped file; 6 other signatures
      waBGfeXMnvCHpoZCSK.exe (injected, three instances)
      13 other processes
    cmd.exe (started)
      conhost.exe (started)
  startMozilla.exe (started, two instances)
    signatures on the first instance: Tries to detect sandboxes / dynamic malware analysis system (registry check); Tries to detect sandboxes / dynamic malware analysis system (mutex check); Tries to detect sandboxes / dynamic malware analysis system (tool check)
Result
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2013-10-22 14:21:00 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 2/5

Result
Malware family: n/a
Score: 8/10
Tags: persistence evasion
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of WriteProcessMemory
  Suspicious use of FindShellTrayWindow
  Adds Run key to start application
  Deletes itself
  Identifies Wine through registry keys
  Loads dropped DLL
  Executes dropped EXE

Result
Threat name: Unknown
Score: 1.00

File information



Comments