MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a791902583a1b559ffc90bb0be67c9eacd05b780f39336e94c815babb746b2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	7a791902583a1b559ffc90bb0be67c9eacd05b780f39336e94c815babb746b2e
SHA3-384 hash:	54e909b0c62b58a4d69bd7d0581d281a4f57cb834107706cdc34287b251c60e8e3a3fc2a6234a079dfe2cbc362912a20
SHA1 hash:	1743a691736e46cd5b1a136501b2c443bc62adaf
MD5 hash:	6cdd1e3eb01664e31d739648a3e359d2
humanhash:	don-five-don-lima
File name:	zeus 1_1.2.9.0.vir
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	109'056 bytes
First seen:	2020-07-19 19:24:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	67da0a54361d620c240bca8591ae2c5b (1 x ZeuS)
ssdeep	1536:usJCqaZwLQS5jcIzxEdMbpYcAExgnxRviJSSCe0PHM4gy2afmqL5jVLJrF/I4rYe:yJZwLSggRvYRCLPsDaTrvhUXm/
TLSH	DFB30296A27325D4E0D11C30978D13432EADDF7A1AF9D7B346DA9A273E8208D9D243F4
Reporter	tildedennis
Tags:	ZeuS zeus 1

tildedennis

zeus 1 version 1.2.9.0

Intelligence

File Origin

# of uploads :

# of downloads :

108

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28151/

Detection(s):

SecuriteInfo.com.Win32.Heur.16819.3693.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the Windows subdirectories

Enabling the 'hidden' option for recently created files

Unauthorized injection to a system process

Enabling autorun

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/390158

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7a791902583a1b559ffc90bb0be67c9eacd05b780f39336e94c815babb746b2e/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2013-04-01 01:19:00 UTC

AV detection:

26 of 31 (83.87%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=pj4rsasyhinvlh74sc5qxzt4t2wnaw3yb44tg3uuzak3vo3unmxa._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

10/10

Tags:

persistence

Link:

https://tria.ge/reports/200719-4e42cghjvn/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Program crash

Drops file in System32 directory

Modifies WinLogon for persistence

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7a791902583a1b559ffc90bb0be67c9eacd05b780f39336e94c815babb746b2e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 1/

Cape

https://www.capesandbox.com/analysis/28151/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample