MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a4efc4c1ee2d1d75fa9170ef7dcdbb146d27bc94a969734318abf4290d90152. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 6a4efc4c1ee2d1d75fa9170ef7dcdbb146d27bc94a969734318abf4290d90152
SHA3-384 hash: 08cf667f90a0448a1bbf302403796f19fcfa513a8e3168c120099cdc4760e1ca60eb084b8bee136e359b1b7144f20748
SHA1 hash: e668d0045bd62d12e5e28ec47e1d42203795cdf6
MD5 hash: fb4b226b36d143e921eb6cdb6df79a4c
humanhash: jupiter-pennsylvania-happy-helium
File name:zeus 1_1.2.4.0.vir
Download: download sample
Signature ZeuS
File size:380'992 bytes
First seen:2020-07-19 19:41:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 20d9447b478805dbac546c136ab580fc
ssdeep 6144:BWRboCObSOv096KrKKDrN7MtPwOHmuwkRdQKZ7aZyZNIIcjAD:m/O/v09hdv6zmEQKOyZNNZD
TLSH B684230011B099F7D67556F14CF2AC18A9CE974A545FA3BFB32A206AFA3275787400BF
Reporter @tildedennis
Tags:ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.4.0

Intelligence


File Origin
# of uploads :
1
# of downloads :
19
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Kryptik
Status:
Malicious
First seen:
2011-06-20 10:04:00 UTC
AV detection:
23 of 25 (92.00%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of UnmapMainImage
Program crash
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments