MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6288d889b584dc17232b26e33cd12f5fda5caa110cfd52836df3b13306b46ca8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 6288d889b584dc17232b26e33cd12f5fda5caa110cfd52836df3b13306b46ca8
SHA3-384 hash: 4090bb0dae336f859735b9ec5d7633fce900937002ef67c305f85d77e2fb55304dfb4dcfb7710af2903db0c27528bba5
SHA1 hash: 455734c36e47236908b8264430025ebd14a13398
MD5 hash: 7e37173f76f3515e4e57245db0387efe
humanhash: failed-friend-butter-jig
File name: zeus 1_1.3.0.26.vir
Signature: ZeuS
File size: 2'787'840 bytes
First seen: 2020-07-19 19:37:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4b5d8e09d5e38e6a3e358c90c8b37a80
ssdeep: 49152:IGtUzKpm2/BWbdQVnlasuLpeELz9zUbeELlerJneELOqL:IGKzKM2E5onlILpeELz6eELlelneELh
TLSH: 2CD5337BA2DAE331F993657C05CCEA26252979380F4112AC723F979D86B758004EC6F7
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.3.0.26

Intelligence


File Origin
# of uploads: 1
# of downloads: 21
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Behaviour
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2011-07-18 02:39:00 UTC
AV detection:
28 of 31 (90.32%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments