MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8055e9282c2551b3672f8a048fd542de34561848ba14b50ce325171a4ea16879. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments

SHA256 hash: 8055e9282c2551b3672f8a048fd542de34561848ba14b50ce325171a4ea16879
SHA3-384 hash: a47f15d8b88d478431df2b723a009b6b2ed3dae0799affa7ffd10de8e0ba9668c23323f5598a6eabdf78c59d618adaf8
SHA1 hash: 34420eee1b9e29d8e2a9207cbf6aec50a8106127
MD5 hash: a6b2e757faf0f713a90398236d2b108d
humanhash: zulu-ack-charlie-double
File name:zeus 1_1.3.7.1.vir
Download: download sample
Signature ZeuS
File size:63'488 bytes
First seen:2020-07-19 19:37:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b9567c6f89140b6e5ba21b4c42b50952 (1 x ZeuS)
ssdeep 1536:dS8zosdygXzj9L/7VBruBOk4YGZ5F6oItJt3CBVwiARAfG/OIn49a/St4:dDdy63J/7V1+4t5F+l3CBVOmJ9a/
Threatray 192 similar samples on MalwareBazaar
TLSH 035302F2E05EEF92C41A1938D1145D7DF2B7C32C5D4D6A93A002E14B5EC663362ADD4E
Reporter @tildedennis
Tags:ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.3.7.1

Intelligence


File Origin
# of uploads :
1
# of downloads :
365
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Creating a window
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Zeus
Status:
Malicious
First seen:
2011-06-09 01:24:00 UTC
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Drops file in Windows directory
Modifies WinLogon for persistence
Modifies WinLogon for persistence

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments