MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 616c00fde99b42a7f988b56bcd66a94e244a626f3f581d00cc937119230b1531. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 616c00fde99b42a7f988b56bcd66a94e244a626f3f581d00cc937119230b1531
SHA3-384 hash: ddc8e264be70a7be51f8f6486c5d7c4c9b13fc8c67ff6a9c43774a2183109a9a46c0adf03805d2895d5207f972c7ee41
SHA1 hash: e1a9646561d83607efd5b6700739bb7726515ec4
MD5 hash: a7d8130ca2affde4a91455ee18083c83
humanhash: island-twenty-bluebird-eight
File name: zeus 1_1.2.7.9.vir
Signature: ZeuS
File size: 156,672 bytes
First seen: 2020-07-19 17:33:08 UTC
Last seen: 2020-07-19 19:19:51 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 892a64e04b31d59c166cf7c8efab9c7b
ssdeep: 3072:683rcYvM7MxYSz/EDJ3iB6fzl1uW5YEheTLo1sOFJzH:RM7M2SjmJEwWW/LGC7
TLSH: F8E312BF3F0C2CCBC68C027BA166BAE54368916B443997075E102DC9558DD8BA578FE2
Reporter: @tildedennis
Tags: ZeuS, zeus 1
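Before analysing a sample pulled from this entry, confirm that the bytes on disk are the ones the record describes. The following is an added example (not MalwareBazaar's own tooling) that recomputes the four digests Python's hashlib can produce (SHA256, SHA3-384, SHA1, MD5) and reports which of the values listed above match. imphash, ssdeep and TLSH need third-party libraries (pefile, ssdeep, py-tlsh) and are deliberately left out. The digests in PAGE_HASHES are copied from this entry; the sample bytes used in the usage are a constructed stand-in, since the real file is not embedded here. Hash the extracted executable, not the archive it is delivered in.

```python
"""Verify a sample against the digests listed on a MalwareBazaar entry.

Added example, not part of MalwareBazaar or of the sample's metadata.
"""
import hashlib
import sys

# Digest values copied from the MalwareBazaar entry for this sample.
# Keys are hashlib algorithm names so they can be fed to hashlib.new().
PAGE_HASHES = {
    "sha256": "616c00fde99b42a7f988b56bcd66a94e244a626f3f581d00cc937119230b1531",
    "sha3_384": "ddc8e264be70a7be51f8f6486c5d7c4c9b13fc8c67ff6a9c43774a2183109a9a"
                "46c0adf03805d2895d5207f972c7ee41",
    "sha1": "e1a9646561d83607efd5b6700739bb7726515ec4",
    "md5": "a7d8130ca2affde4a91455ee18083c83",
}


def digests(data: bytes, names=tuple(PAGE_HASHES)) -> dict:
    """Compute the named hashlib digests over an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in names}


def digests_from_file(path: str, names=tuple(PAGE_HASHES), chunk: int = 1 << 20) -> dict:
    """Stream a file through all hashers at once, so large samples are read only once."""
    hashers = {name: hashlib.new(name) for name in names}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict):
    """Split the expected digests into (matched, mismatched) name sets.

    Comparison is case-insensitive; a digest name absent from `actual`
    is treated as a mismatch rather than raising.
    """
    matched = {
        name for name, value in expected.items()
        if actual.get(name, "").lower() == value.lower()
    }
    return matched, set(expected) - matched


def verify(data: bytes, expected: dict = PAGE_HASHES):
    """Verify in-memory sample bytes against the listed digests."""
    return compare(digests(data, tuple(expected)), expected)


def verify_file(path: str, expected: dict = PAGE_HASHES):
    """Verify a sample on disk against the listed digests."""
    return compare(digests_from_file(path, tuple(expected)), expected)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        ok, bad = verify_file(sys.argv[1])
    else:
        # Constructed stand-in bytes; they will not match the entry, which is
        # exactly the outcome the check exists to catch.
        ok, bad = verify(b"MZ\x90\x00 constructed stand-in, not the real sample")
    print("matched:", sorted(ok))
    print("mismatched:", sorted(bad))
    sys.exit(0 if not bad else 1)
```

Run it as `python verify_sample.py <extracted file>`; a non-zero exit means at least one listed digest did not match, and the sample should not be treated as the one this record describes. Checking all four is cheap and guards against a database entry or a mirror that lists a wrong value for one algorithm.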


Reporter comment (Twitter, @tildedennis): zeus 1 version 1.2.7.9

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 20
Origin country: FR

Mail intelligence: No data

Vendor Threat Intelligence

Detection(s):

Result
Verdict: Malware
Maliciousness:

Behaviour:
- Creating a window
- Unauthorized injection to a recently created process
- Sending an HTTP GET request
- Creating a file in the %temp% subdirectories
- Reading critical registry keys
- Creating a file
- Deleting a recently created file
- Reading Telegram data
- Running batch commands
- Creating a process with a hidden window
- Launching a process
- Sending a TCP request to an infection source
- Stealing user critical data

Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2014-01-15 02:08:00 UTC
AV detection: 30 of 31 (96.77%)

Threat level: 2/5

Result
Malware family: n/a
Score: 10/10
Tags: persistence

Behaviour:
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Program crash
- Drops file in System32 directory
- Modifies WinLogon for persistence

Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments