MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61e1a726a2410e5844398cebe9081f0c564341498a929aab861435fdab5f8157. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 61e1a726a2410e5844398cebe9081f0c564341498a929aab861435fdab5f8157
SHA3-384 hash: ab651e629c873ac8208b9f0ecdce7284812925728b3b12732be691bdd3d2adf0c8300373c2391ecf1039bdd3cc7c80a8
SHA1 hash: db42047406d66549daa53d727daadf529cfc4a3d
MD5 hash: 7e9eeb9f1d740713b3bbadc323c06532
humanhash: purple-uranus-don-leopard
File name: zeus 1_1.2.12.1.vir
Signature: ZeuS
File size: 130'560 bytes
First seen: 2020-07-19 19:44:13 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2024c0b539151cafcc7c0602673b4845
ssdeep: 3072:ET33sOcWORTgFkovQbEOZDwSnxnJ3qzfeSsqKXOr+L:IHsOcRgFkoobEOdw
TLSH: 05D3D099B99C0AEFE99E03741470AE1B87E4CD91412E9504368CCDCB5F6E2C990AF3F1
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.12.1

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source

Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2014-11-25 19:09:22 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour:
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Drops file in System32 directory
Modifies WinLogon for persistence

Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.
