MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6680a475582eb69a5bf028ebe5ae4ebd808e5da535336f0b0fe8a7ae6fe77a60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments

SHA256 hash: 6680a475582eb69a5bf028ebe5ae4ebd808e5da535336f0b0fe8a7ae6fe77a60
SHA3-384 hash: 1f574509746d47076e8b586eb45a643d9221d78af37e5d87c376f695ffe9703a321823c1f73c358c803d45eb7f356e42
SHA1 hash: 5884b783f31cbfaa7726ce018b23eaa6ba124692
MD5 hash: 03abab3227f438e805e72e4c8325086a
humanhash: july-spaghetti-mountain-london
File name:zeus 1_1.2.7.21.vir
Download: download sample
Signature ZeuS
File size:110'592 bytes
First seen:2020-07-19 19:21:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 635ec3579b7fdefc9f3a936d9a5fb03d (1 x ZeuS)
ssdeep 1536:y8w1awv2GZW1aiJFL03/jMM5hjhXvL0gvFBlayrTKZ0kgamwxfiTbtsvTrfqALdV:iaw+OWVvuX5vj0oFPKZXxxfiT5sSudV
Threatray 69 similar samples on MalwareBazaar
TLSH 38B39E6E759400F3C9921F30C9633B27527EE833907959DFD3984E8A6AA05E1732D787
Reporter @tildedennis
Tags:zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.7.21

Intelligence


File Origin
# of uploads :
1
# of downloads :
65
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Unauthorized injection to a recently created process
Sending an HTTP GET request
Launching the default Windows debugger (dwwin.exe)
Sending a TCP request to an infection source
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2015-03-15 08:56:33 UTC
AV detection:
30 of 31 (96.77%)
Threat level:
  2/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Drops file in System32 directory
Suspicious use of NtCreateProcessExOtherParentProcess

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments