MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 821bf9d9232b278bf09392b3dcee0466c034250eaacb820cee92dc54f758080d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Add tag Delete this sample Report a False Positive

SHA256 hash: 821bf9d9232b278bf09392b3dcee0466c034250eaacb820cee92dc54f758080d
SHA3-384 hash: 94cb1b46e62ff5b300139b3beef743c62f5bb187e47448f3cd697fb8a8c65585284d2da137e294913a5907e450ee46ef
SHA1 hash: b4f44d10e7e981c24b267b029f7061613767b2c0
MD5 hash: a50da6451263aa74a68e4bda0b4e86fb
humanhash: butter-batman-december-hot
File name:821bf9d9232b278bf09392b3dcee0466c034250eaacb820cee92dc54f758080d
Download: download sample
Signature ZeuS
Create hunting rule
File size:131'072 bytes
First seen:2020-10-18 13:16:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a15732efc710240ffc55c41aba98990b (1 x ZeuS)
ssdeep 3072:zel90zgUapFRLRKL433pIGvyll0zhrYKncWLakQaHdVwjAPH:ql9UUG43UlM5YKncOaS
Threatray 25 similar samples on MalwareBazaar
TLSH 93D3D0FB3C1D95D7CA6F07702832AA024AF5E4A4422BC781B2D5E6494B9D5CE418CBF7
Reporter @tildedennis
Tags:ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.3.2.4

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'471
Origin country :
FR FR
Mail intelligence
Gathering data
Vendor Threat Intelligence
Detection:
Zeus
Create hunting rule
Link:
https://www.capesandbox.com/analysis/72656/
Detection(s):
Win.Trojan.Zbot-8742
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/494648
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to change the desktop window for a process (likely to hide graphical interactions)
Contains functionality to check if the process is started with administrator privileges
Contains VNC / remote desktop functionality (version string found)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Create hunting rule
Link:
https://mwdb.cert.pl/sample/821bf9d9232b278bf09392b3dcee0466c034250eaacb820cee92dc54f758080d/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2011-07-10 20:57:00 UTC
AV detection:
24 of 25 (96.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://www.spamhaus.org/query/hash/qin7twjdfmtyx4etskz5z3qem3adijiovlfyedhoslofj52ybagq._file
Verdict:
malicious
Similar samples:
0963113af6258d8034c5bf72425ebb405d5fedd0c6b17ba2c299d7c2ae4e607a
ZeuS
4548d59ae9c759dc3a6d80ef4f593796e020d11dee1c08feb9f2a25221feb44d
ZeuS
4c5989776f8b71addd09414405bc9fc63e78b7fdf050015e3474df0f06a478ca
ZeuS
66114ad746cfa51414a75a808c7dcde250c15fbd63289c589449658068a73418
ZeuS
7a0eadac8671732b6d1d6de37fa37cbf0cab61af3b9720bce64734bd4ac4f19e
ZeuS
8ce802db4332aa44b344c03f9a0ade9e67614ced48c31b73b0c66510fd4aa31b
ZeuS
ade0fb9ccd97f80133423de71525319b1844aca391652403f3302766a1e789a7
ZeuS
ae3eaa7167c9d6588a7a7b8a4569ad752d47b048a6ec2bdcd4aa0a06deb78435
ZeuS
c1c21947e1a6d21286c6aabf649edaf9796789885fbaba5b62a91f7b5e581091
ZeuS
d44bcd92b146cc8565b8b615b4f4447dba73677a7b7df9897736e8d84ff14b6e
ZeuS
+ 15 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/201018-g5cnb1cc9s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Drops file in System32 directory
Modifies WinLogon for persistence
Unpacked files
SH256 hash:
821bf9d9232b278bf09392b3dcee0466c034250eaacb820cee92dc54f758080d
MD5 hash:
a50da6451263aa74a68e4bda0b4e86fb
SHA1 hash:
b4f44d10e7e981c24b267b029f7061613767b2c0
Link:
https://www.unpac.me/results/d8a7a34f-a2da-4516-a552-76eddecf9f22/
SH256 hash:
c15ad79771e1a8aba9dcd3e6397959fe83ca7bb3962b8017e7f17a3d4ab92ba5
MD5 hash:
b19e40ef7a35302f010b144afdbaf55e
SHA1 hash:
6f5b45a72f4994b00cca367cdaced6b359702e82
Detections:
win_zeus_auto
Create hunting rule
Link:
https://www.unpac.me/results/d8a7a34f-a2da-4516-a552-76eddecf9f22/
AV coverage:
88.57%
AV detections:
62 / 70
Link:
https://www.virustotal.com/gui/file/821bf9d9232b278bf09392b3dcee0466c034250eaacb820cee92dc54f758080d/detection/f-821bf9d9232b278bf09392b3dcee0466c034250eaacb820cee92dc54f758080d-1603030173
Threat name:
Zbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/821bf9d9232b278bf09392b3dcee0466c034250eaacb820cee92dc54f758080d

YARA Signatures

MalareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious proccess dumps they may create. Please note that only results from TLP:WHITE rules are being displayeyd.

Rule name:win_zeus_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/zeus 1/
Cape
Cape
https://www.capesandbox.com/analysis/72656/

Comments