MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e57b3151e696198fa799ccdc91d05ecee2462f5adc2ec5cd591b745165106e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	6e57b3151e696198fa799ccdc91d05ecee2462f5adc2ec5cd591b745165106e8
SHA3-384 hash:	126daa32da9a29e4203ef7b89021ef7e691fb358bbc62d6c9144f69ee591d8fc2de5fd4841f0c2a6142e73edc24a32ae
SHA1 hash:	c958f983cdb6be45d7ad8d6a653ff1516b561e42
MD5 hash:	3b3b888bcc1668fbd561b500e1e78e37
humanhash:	bakerloo-violet-mango-carbon
File name:	iceix_1.2.5.0.vir
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	1'052'672 bytes
First seen:	2020-07-19 19:33:16 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9116eb3c4a4e6064ca23bef90f5714dd (1 x ZeuS)
ssdeep	12288:kONy34YvSXEdqgwtSfDbcQug1C01IRZsaor1UBzvIx+gaDAi9tHDQcFtvnJBtaq4:Ry3yAqgPvcQzEzU1UGolRXvAqsFL
Threatray	228 similar samples on MalwareBazaar
TLSH	B2259E22F6D24837C0732A3CDD5B9764993ABD103D28998A3BF55D4C8F3978139352AB
Reporter	tildedennis
Tags:	iceix ZeuS

tildedennis

iceix version 1.2.5.0

Intelligence

File Origin

# of uploads :

# of downloads :

370

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28250/

Detection(s):

Win.Trojan.Zeus-366

Win.Dropper.Zeus-8091437-0

PUA.Win.Adware.Webalta-6854075-0

PUA.Win.Adware.Webalta-6862190-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending an HTTP GET request

Creating a file in the %temp% subdirectories

Reading critical registry keys

Creating a file

Deleting a recently created file

Reading Telegram data

Running batch commands

Creating a process with a hidden window

Launching a process

Sending a TCP request to an infection source

Stealing user critical data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/390354

Behaviour

Behavior Graph:

Download SVG

Detection:

pony

Link:

https://mwdb.cert.pl/sample/6e57b3151e696198fa799ccdc91d05ecee2462f5adc2ec5cd591b745165106e8/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2015-05-24 03:46:24 UTC

AV detection:

28 of 31 (90.32%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=nzl3gfi6nfqzr6tzttg4shif5txciyxvvxboyxgvsg3ukfsra3ua._file

Result

Malware family:

pony

Score:

10/10

Tags:

discovery rat spyware stealer family:pony evasion persistence

Link:

https://tria.ge/reports/200719-yjhnglg4ln/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetThreadContext

Modifies service

Checks installed software on the system

Adds Run key to start application

Loads dropped DLL

Reads data files stored by FTP clients

Deletes itself

Reads user/profile data of web browsers

Executes dropped EXE

Modifies Windows Firewall

Pony,Fareit

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/6e57b3151e696198fa799ccdc91d05ecee2462f5adc2ec5cd591b745165106e8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/iceix/

Cape

https://www.capesandbox.com/analysis/28250/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample