MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments

SHA256 hash: 82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720
SHA3-384 hash: a2fb6ebd693fb74036de70e6a4914fc29d05ec34c6e011271c9d4fd062dea2cdf547ebecb7f10cc5bd0be08e4338e289
SHA1 hash: dc3f4adf9f30dcd85f26310ebbd922501e65ee3f
MD5 hash: 9474a43327778c2630d73548bae9f5b2
humanhash: sink-helium-alanine-london
File name:82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720
Download: download sample
Signature ZeuS
File size:618'904 bytes
First seen:2020-10-25 02:32:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 76d1519de16a7c970d5cbe8213a53093 (1 x ZeuS)
ssdeep 12288:d78TkFH7w0uwxnjIEVzbUhhX0v3iEyuHzObkJXs+FDcS0:Fx7wvClVziXEyEyukkJXtmb
Threatray 74 similar samples on MalwareBazaar
TLSH 50D423FF20E95E7BC457B23D1A325BD18DB71777920A6B2443436684888B1827F627E3
Reporter @tildedennis
Tags:zeus 1


Twitter
@tildedennis
zeus 1 version 1.3.6.1

Intelligence


File Origin
# of uploads :
1
# of downloads :
101
Origin country :
US US
Mail intelligence
Gathering data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows directory
Enabling the 'hidden' option for recently created files
Sending a UDP request
Unauthorized injection to a system process
Enabling autorun
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Changes memory attributes in foreign processes to executable or writable
Contains functionality to change the desktop window for a process (likely to hide graphical interactions)
Creates an undocumented autostart registry key
Detected unpacking (changes PE section rights)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zeus
Status:
Malicious
First seen:
2013-02-24 00:00:00 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Modifies WinLogon for persistence
Unpacked files
SH256 hash:
82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720
MD5 hash:
9474a43327778c2630d73548bae9f5b2
SHA1 hash:
dc3f4adf9f30dcd85f26310ebbd922501e65ee3f
SH256 hash:
9dcb066fb5b2c3ffd8e1d8e4f394befe80b6d3b6719a5706b1dcdb8cfe443fab
MD5 hash:
66fef238f885ef41f392896c30ff51a6
SHA1 hash:
17ee12971de1db8f3a4eb86e8320915b5052d179
Detections:
win_zeus_auto

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments