MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7603db669c807f811b12ddfb14b4d85850ab916983dff5944fd08c307c69b665. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7603db669c807f811b12ddfb14b4d85850ab916983dff5944fd08c307c69b665
SHA3-384 hash: 35dda377582ed45b3865f7c8f25e7644bb53fdf8e34bbcf658fb623beb59aea1bc278a16a28f8f77393cac35d3dee4d5
SHA1 hash: 056dadbcd421c8e53300d0d49d746fcfef4a71d7
MD5 hash: a96c5da33171b8dd4e056fadfb7b003b
humanhash: colorado-avocado-emma-uncle
File name:zeus 1_1.2.7.19.vir
Download: download sample
Signature ZeuS
Create hunting rule
File size:88'576 bytes
First seen:2020-07-19 19:23:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 918194e35d3189fbbf261d032339c245 (1 x ZeuS)
ssdeep 1536:0ZRdbbjdWUiM5GlQHAaLSwT+p7cDwfL4239JD+E/rYCAEQai1bpKORgtkte/Xxzp:+/jdWUhoQZSFgDwz4o9JCArOdasNej/N
Threatray 426 similar samples on MalwareBazaar
TLSH 7283E13B3D7D7CC7E46C037D58F36D1527B08D82085697040AECDA99A5CDEC6241ABA6
Reporter tildedennis
Tags:ZeuS zeus 1


Avatar
tildedennis
zeus 1 version 1.2.7.19

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/28145/
Detection(s):
Win.Spyware.Zbot-1278
Create hunting rule

Win.Trojan.Zbot-59072
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7603db669c807f811b12ddfb14b4d85850ab916983dff5944fd08c307c69b665/
Threat name:
Win32.Spyware.Zbot
Create hunting rule
Status:
Malicious
First seen:
2014-06-28 14:48:00 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
01917eb065381a2bd3e0a037b40b488c47f7abf9158db5fd829fd5738bba8595
ZeuS
2647f35410168d2018a29f65b10dad4cf7016b883b4ff303dabac68521b76e88
ZeuS
334ff98908b85214d066418232804605967b4b8f71d20cfc11a32aeef187a25d
ZeuS
616c00fde99b42a7f988b56bcd66a94e244a626f3f581d00cc937119230b1531
ZeuS
6680a475582eb69a5bf028ebe5ae4ebd808e5da535336f0b0fe8a7ae6fe77a60
ZeuS
7a791902583a1b559ffc90bb0be67c9eacd05b780f39336e94c815babb746b2e
ZeuS
8df08ecd3c08c6e28a5d73869b6c3a980363856cce72dd9a1c2170c75332a451
ZeuS
d3baf4f620bd6a65ad0bd17009869a496b7e660d97be21db920daedcf8f95868
ZeuS
da33ab6ea38ec6f285d82061991f014914fe718fe8516c04fa8dc38ea4ddcee2
ZeuS
e41a2e2c7225a85f1ed1638e93d1ced20be49c4f59315d1b0beca7fd7015ecee
ZeuS
+ 416 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/200719-rncp4162w6/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Drops file in System32 directory
Modifies WinLogon for persistence
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7603db669c807f811b12ddfb14b4d85850ab916983dff5944fd08c307c69b665

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/zeus 1/
Cape
Cape
https://www.capesandbox.com/analysis/28145/

Comments