MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65e4609b0140e9323be0b019eab0af3a51ccd2e004967749fa182160d60f60c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: 65e4609b0140e9323be0b019eab0af3a51ccd2e004967749fa182160d60f60c0
SHA3-384 hash: e4e67a0b26a35d84fec9474d96a657eea58f6c1c4bc3ff4c23da2d6e31c2339bbe032aac635c35137a431c9cfbff0fa2
SHA1 hash: fd2e71d9b09fb44aadf99df5ef77f5e95154b1af
MD5 hash: 644dce104e1f26cdaf93e40e5bd3874d
humanhash: timing-rugby-alaska-ten
File name: 65e4609b0140e9323be0b019eab0af3a51ccd2e004967749fa182160d60f60c0
Download: sample download available
File size: 166'912 bytes
First seen: 2020-08-09 18:30:41 UTC
Last seen: Never
File type: exe
MIME type: application/x-dosexec
imphash: 25ee5018dcf518e92bbed6b4da981676
ssdeep: 3072:vwNCe+FREhH67JK1x+sUhWucMPjRkad8FifRWnv0:UCe+FkdrohkMPdt1Mns
Threatray: 45 similar samples on MalwareBazaar
TLSH: 71F3E015B362D079E061183018A6D7E17DADFC6013B4405B3BE06ABD5EB63D86EA8F1B
Reporter: tildedennis
Tags: unnamed 4
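Before analysing a downloaded copy of this sample, check that what you have on disk is the file the entry describes. The script below is an added example, not MalwareBazaar code: the hash and size values are copied from the entry above, the verification logic is ours, and the `verify_file` path argument is whatever you saved the sample as. If the download arrives inside an archive, hash the extracted executable, not the archive.

```python
"""Verify a downloaded sample against the hashes and size listed on the entry above.

Added example; not MalwareBazaar code. The expected values are copied from the
entry, the verification logic is ours.
"""
import hashlib
import sys

# Values copied from the MalwareBazaar entry above (hashlib algorithm names as keys).
EXPECTED_HASHES = {
    "sha256": "65e4609b0140e9323be0b019eab0af3a51ccd2e004967749fa182160d60f60c0",
    "sha3_384": "e4e67a0b26a35d84fec9474d96a657eea58f6c1c4bc3ff4c23da2d6e31c2339bbe032aac635c35137a431c9cfbff0fa2",
    "sha1": "fd2e71d9b09fb44aadf99df5ef77f5e95154b1af",
    "md5": "644dce104e1f26cdaf93e40e5bd3874d",
}
EXPECTED_SIZE = 166912  # "166'912 bytes" on the entry


def compute_hashes(data: bytes) -> dict:
    """Hex digests of `data` for every algorithm named in EXPECTED_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED_HASHES}


def verify_sample(data: bytes, expected_hashes: dict = EXPECTED_HASHES,
                  expected_size: int = EXPECTED_SIZE) -> list:
    """Compare `data` against the listed size and hashes.

    Returns a list of (field, expected, actual) tuples, one per mismatch; an
    empty list means every listed value matched. All hashes are checked even
    when the size is already wrong, so the caller sees the full picture.
    """
    mismatches = []
    if len(data) != expected_size:
        mismatches.append(("size", expected_size, len(data)))
    actual = compute_hashes(data)
    for name, want in expected_hashes.items():
        want = want.lower()  # hex digests compare case-insensitively
        if actual[name] != want:
            mismatches.append((name, want, actual[name]))
    return mismatches


def verify_file(path: str) -> list:
    """Read the file at `path` and verify it; same return value as verify_sample."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read())


if __name__ == "__main__":
    problems = verify_file(sys.argv[1])
    if problems:
        for field, want, got in problems:
            print(f"MISMATCH {field}: expected {want}, got {got}")
        sys.exit(1)
    print("sample matches the MalwareBazaar entry")
```

A non-empty result means you are not looking at the sample the vendor verdicts below refer to; stop and re-download rather than analysing the wrong file.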


Reporter comment (tildedennis):
unnamed 4 version 1.9.0.1

Intelligence

File Origin
# of uploads: 1
# of downloads: 99
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness: (no value shown)
Behaviour: Sending a UDP request
Result
Threat name: (no value shown)
Detection: malicious
Classification: bank.troj.evad
Score: 72 / 100
Signatures:
Contains functionality to detect sleep reduction / modifications
Contains functionality to inject code into remote processes
Contains VNC / remote desktop functionality (version string found)
Detected ZeusVM e-Banking Trojan
Disables the windows security center
Injects a PE file into a foreign processes
Machine Learning detection for sample
Behaviour
Behavior Graph ID: 260259
Sample: wP8JBScjdm
Start date: 09/08/2020
Architecture: WINDOWS
Score: 72
Process tree (from the graph):
wP8JBScjdm.exe
    wP8JBScjdm.exe
        net.exe
            conhost.exe
            net1.exe
        net.exe
            conhost.exe
            net1.exe
Signatures attached at sample level: Machine Learning detection for sample; Contains VNC / remote desktop functionality (version string found); Disables the windows security center.
Signatures attached to the first wP8JBScjdm.exe process: Detected ZeusVM e-Banking Trojan; Contains functionality to inject code into remote processes; Injects a PE file into a foreign processes; Contains functionality to detect sleep reduction / modifications.
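The behaviour graph is easier to reason about as a process tree, and the shape it shows (the sample launching a second copy of itself, which then drives net.exe, each net.exe in turn spawning conhost.exe and net1.exe) is something you can hunt for in your own endpoint telemetry. The script below is an added example, not sandbox or MalwareBazaar code: the event records are constructed to mirror the graph, the image paths and PIDs are made up, and the field names follow the ProcessId / ParentProcessId / Image fields of Sysmon's process-creation event in simplified form.

```python
"""Rebuild the sandbox process tree from process-creation events and flag the
self-respawn + net.exe chain shown in the behaviour graph above.

Added example; not sandbox or MalwareBazaar code. The event records below are
constructed to mirror the graph (image paths and PIDs are made up).
"""
from collections import defaultdict

# Constructed Sysmon-style process-creation events modelled on the graph.
EVENTS = [
    {"pid": 8,  "ppid": 2,  "image": r"C:\Users\user\Desktop\wP8JBScjdm.exe"},
    {"pid": 11, "ppid": 8,  "image": r"C:\Users\user\Desktop\wP8JBScjdm.exe"},
    {"pid": 13, "ppid": 11, "image": r"C:\Windows\System32\net.exe"},
    {"pid": 15, "ppid": 11, "image": r"C:\Windows\System32\net.exe"},
    {"pid": 17, "ppid": 13, "image": r"C:\Windows\System32\conhost.exe"},
    {"pid": 19, "ppid": 13, "image": r"C:\Windows\System32\net1.exe"},
    {"pid": 21, "ppid": 15, "image": r"C:\Windows\System32\conhost.exe"},
    {"pid": 23, "ppid": 15, "image": r"C:\Windows\System32\net1.exe"},
]


def basename(image: str) -> str:
    """Last path component of a Windows or POSIX image path, case preserved."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1]


def build_tree(events):
    """Return (by_pid, children): the event for each PID and child PIDs per parent PID."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])
    return by_pid, children


def render_tree(events) -> str:
    """Indented text tree; roots are PIDs whose parent never appears in the events."""
    by_pid, children = build_tree(events)
    roots = [e["pid"] for e in events if e["ppid"] not in by_pid]
    lines = []

    def walk(pid, depth):
        lines.append("    " * depth + basename(by_pid[pid]["image"]))
        for child in children[pid]:
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return "\n".join(lines)


def find_self_respawn(events):
    """(parent_pid, child_pid) pairs where a process launched its own image again."""
    by_pid, _ = build_tree(events)
    return [
        (e["ppid"], e["pid"]) for e in events
        if e["ppid"] in by_pid
        and by_pid[e["ppid"]]["image"].lower() == e["image"].lower()
    ]


def find_respawn_driving_net(events):
    """For every self-respawned child, the net.exe PIDs it launched.

    Returns (parent_pid, child_pid, [net_pids]) tuples with at least one
    net.exe child; this is exactly the chain the behaviour graph shows.
    """
    by_pid, children = build_tree(events)
    hits = []
    for parent, child in find_self_respawn(events):
        nets = [c for c in children[child]
                if basename(by_pid[c]["image"]).lower() == "net.exe"]
        if nets:
            hits.append((parent, child, nets))
    return hits


if __name__ == "__main__":
    print(render_tree(EVENTS))
    for parent, child, nets in find_respawn_driving_net(EVENTS):
        print(f"self-respawn {parent}->{child} then net.exe in PIDs {nets}")
```

On its own, a self-respawn is only a weak signal (installers and updaters do it too); the combination with net.exe launched from the respawned copy, in a process whose image lives outside Program Files or System32, is what makes this chain worth an alert.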
Result
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2012-02-12 18:20:00 UTC
AV detection: 24 of 25 (96.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour: Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments