MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66114ad746cfa51414a75a808c7dcde250c15fbd63289c589449658068a73418. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 8 File information Yara Comments

SHA256 hash: 66114ad746cfa51414a75a808c7dcde250c15fbd63289c589449658068a73418
SHA3-384 hash: 7fde9ab7b8a4ff9100003ca50f8ba97242dcdb83930f251391a2b61c9f215275c3240ae6e4a7152689857d68437c8f9d
SHA1 hash: 929a5ebdcf4c00d8365f5b7da01e5d3192f382c5
MD5 hash: 6c2d8d645f55e92eff8e1e2d8a065bff
humanhash: spring-quiet-yankee-tennessee
File name:zeus 1_1.3.2.1.vir
Download: download sample
Signature ZeuS
File size:118'784 bytes
First seen:2020-07-19 19:46:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d7a1a7d8b0235e2129be4061f3665ae4
ssdeep 3072:SW5bRo+wOrfhH2K04Kde/h4RPqpbNNT0tq/:SWpy+wO9HEZPIpbNNTm
TLSH 66C302447AACDC7ADDA955F52E293720DA1FF660083D6F74780C185AEB04F4A46393B2
Reporter @tildedennis
Tags:ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.3.2.1

Intelligence


File Origin
# of uploads :
1
# of downloads :
45
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
96 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2011-05-28 21:56:00 UTC
AV detection:
30 of 31 (96.77%)
Threat level
  2/5
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Drops file in System32 directory
Suspicious use of SetThreadContext
Modifies WinLogon for persistence
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments