MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6acaee10404d0683e19ba29cea5234766cbd37253c44ade9cc1ca557c3995f3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 7



SHA256 hash: 6acaee10404d0683e19ba29cea5234766cbd37253c44ade9cc1ca557c3995f3a
SHA3-384 hash: 1acd1a86d66c0cbb75d33fb26abed355719ce7e68ac8c952f6b03be7a179d4dfacc149d5f7b26ffeb4e493ad5ee4dc0f
SHA1 hash: b7faabe7c9fcdbe55e73c527144631af12f6ed39
MD5 hash: 9b42742c386c89eb86d2b204fa0f78c5
humanhash: summer-sad-zulu-butter
File name: zeus 1_1.4.2.1.vir
Signature: ZeuS
File size: 1'350'048 bytes
First seen: 2020-07-19 17:31:07 UTC
Last seen: 2020-07-19 19:19:13 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f5d5cbd4a793493658c0385c6926130f (1 x ZeuS)
ssdeep: 24576:xFvhLoD0pn2Mk01XLuKA4K1PQDNIGnktDPB7qu3YDxlodNZLzv7u:xNhLoApn2MkIbuKXK18xktNqUYgZ7u
Threatray: 223 similar samples on MalwareBazaar
TLSH: C455337471CB7616EAA2503BA14A441FBA3C243A4A0817DB10F4CD95A9F60E975CFF2F
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.4.2.1

Intelligence


File Origin
# of uploads: 2
# of downloads: 69
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name: Unknown
Detection: malicious
Classification: phis.evad
Score: 100 / 100
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2013-06-21 19:52:00 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 2/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
UPX packed file

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:WHITE rules are displayed.

Rule name: win_zeus_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments