MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720
SHA3-384 hash: a2fb6ebd693fb74036de70e6a4914fc29d05ec34c6e011271c9d4fd062dea2cdf547ebecb7f10cc5bd0be08e4338e289
SHA1 hash: dc3f4adf9f30dcd85f26310ebbd922501e65ee3f
MD5 hash: 9474a43327778c2630d73548bae9f5b2
humanhash: sink-helium-alanine-london
File name:82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720
Download: download sample
Signature ZeuS
Create hunting rule
File size:618'904 bytes
First seen:2020-10-25 02:32:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 76d1519de16a7c970d5cbe8213a53093 (1 x ZeuS)
ssdeep 12288:d78TkFH7w0uwxnjIEVzbUhhX0v3iEyuHzObkJXs+FDcS0:Fx7wvClVziXEyEyukkJXtmb
Threatray 74 similar samples on MalwareBazaar
TLSH 50D423FF20E95E7BC457B23D1A325BD18DB71777920A6B2443436684888B1827F627E3
Reporter tildedennis
Tags:zeus 1


Avatar
tildedennis
zeus 1 version 1.3.6.1

Intelligence

File Origin
# of uploads :
1
# of downloads :
146
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/75320/
Detection(s):
Win.Trojan.Zbot-26914
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows directory
Enabling the 'hidden' option for recently created files
Sending a UDP request
Unauthorized injection to a system process
Enabling autorun
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/508863
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Changes memory attributes in foreign processes to executable or writable
Contains functionality to change the desktop window for a process (likely to hide graphical interactions)
Creates an undocumented autostart registry key
Detected unpacking (changes PE section rights)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2013-02-24 00:00:00 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
05a75635bc6db83ea1ecce6c0572e829db450fbffaae71ed74c51ac867ac2339
ZeuS
1283285b7d4791bacfcbd29c8d579785b75a636d1e1866d8219600a353bb8973
ZeuS
2f2d9760aa86fa4b197c2dcbb361c85cbb63a40a8c7049a561fa720f67a9bb87
ZeuS
51d91d2e7e9aeee2a291dc1f7eadd9e422d159aef4cf902ef9038d951527636f
ZeuS
6acaee10404d0683e19ba29cea5234766cbd37253c44ade9cc1ca557c3995f3a
ZeuS
89e35356978b8320736b890db74c9f70f4ab89dc7343bbdfb9cd80530dd4df32
ZeuS
a32036a66a060f3592f621d1181683d2d07682815f43dbeffef771bb50776ee4
ZeuS
aa8c776ec59e6c777b178a2836c5c20c9cb3e89155b4044c3b96dc1599c3695b
ZeuS
d99339360b38f6fd181678111f8a1b1ce54ca1c027c3fcf3ddb6ea28148e0088
ZeuS
ef82875918958a6a376fe6bf6562b136ebd61b816b34d4318b6aa4e150fa510c
ZeuS
+ 64 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/201025-24k4klda8j/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Modifies WinLogon for persistence
Unpacked files
SH256 hash:
82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720
MD5 hash:
9474a43327778c2630d73548bae9f5b2
SHA1 hash:
dc3f4adf9f30dcd85f26310ebbd922501e65ee3f
Link:
https://www.unpac.me/results/7988fa57-efdc-4a6c-95ca-c81a178a8bd9/
SH256 hash:
9dcb066fb5b2c3ffd8e1d8e4f394befe80b6d3b6719a5706b1dcdb8cfe443fab
MD5 hash:
66fef238f885ef41f392896c30ff51a6
SHA1 hash:
17ee12971de1db8f3a4eb86e8320915b5052d179
Detections:
win_zeus_auto
Create hunting rule
Link:
https://www.unpac.me/results/7988fa57-efdc-4a6c-95ca-c81a178a8bd9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Wsnpoem
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/zeus 1/
Cape
Cape
https://www.capesandbox.com/analysis/75320/

Comments