MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a791902583a1b559ffc90bb0be67c9eacd05b780f39336e94c815babb746b2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 8



SHA256 hash: 7a791902583a1b559ffc90bb0be67c9eacd05b780f39336e94c815babb746b2e
SHA3-384 hash: 54e909b0c62b58a4d69bd7d0581d281a4f57cb834107706cdc34287b251c60e8e3a3fc2a6234a079dfe2cbc362912a20
SHA1 hash: 1743a691736e46cd5b1a136501b2c443bc62adaf
MD5 hash: 6cdd1e3eb01664e31d739648a3e359d2
humanhash: don-five-don-lima
File name: zeus 1_1.2.9.0.vir
Signature: ZeuS
File size: 109'056 bytes
First seen: 2020-07-19 19:24:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 67da0a54361d620c240bca8591ae2c5b (1 x ZeuS)
ssdeep: 1536:usJCqaZwLQS5jcIzxEdMbpYcAExgnxRviJSSCe0PHM4gy2afmqL5jVLJrF/I4rYe:yJZwLSggRvYRCLPsDaTrvhUXm/
TLSH: DFB30296A27325D4E0D11C30978D13432EADDF7A1AF9D7B346DA9A273E8208D9D243F4
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter: @tildedennis
zeus 1 version 1.2.9.0

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: US

Mail intelligence
No data
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file in the Windows subdirectories
Enabling the 'hidden' option for recently created files
Unauthorized injection to a system process
Enabling autorun
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2013-04-01 01:19:00 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 2/5
Verdict: malicious

Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Drops file in System32 directory
Modifies WinLogon for persistence

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments