MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87c779ed21a3c5abb368edd0472968f7f4f3c839fa8ac6ed058bfbee6c6c056a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 87c779ed21a3c5abb368edd0472968f7f4f3c839fa8ac6ed058bfbee6c6c056a
SHA3-384 hash: 0f309ee60a1e9a427c03d79a0ebccedf1e5e40449ac0c056d73194e4c4c2e4ba2a5d5ed3b18e476164fe4ff9081a9009
SHA1 hash: 6ece6eae832907eeffcc69d886ae0b2d644ba3c0
MD5 hash: 354f372a0e38336f3a6c9e341f8ed271
humanhash: east-blossom-pasta-white
File name:zeusaes_2.7.7.3.vir
Download: download sample
Signature ZeuS
Create hunting rule
File size:223'362 bytes
First seen:2020-07-19 19:31:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b1eecad16272a452ca06bd601ade56bc (1 x ZeuS)
ssdeep 3072:1T8oS2mBAGCY6ehfhls4qQXvvSGuPSPbp1dcD6FC2PKchA2N8UeeKu5zLC+i/bDM:1T8/2mB8p6ns4qQXvvSDPStPLzL55
Threatray 78 similar samples on MalwareBazaar
TLSH D7246D03EA4442D2D46E1F3040B95B15E676AC383F3D178F5568BB38EDB37D62A22399
Reporter tildedennis
Tags:zeusaes


Avatar
tildedennis
zeusaes version 2.7.7.3

Intelligence

File Origin
# of uploads :
1
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/28226/
Detection(s):
Win.Trojan.Injector-14346
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/390311
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/87c779ed21a3c5abb368edd0472968f7f4f3c839fa8ac6ed058bfbee6c6c056a/
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2013-05-31 23:02:00 UTC
AV detection:
22 of 25 (88.00%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
23b916e5bb30f814e9819cf3499fe56820380b827b20f595022eabbd47267374
ZeuS
3c1ce75269219a15d338a103c5e5baf8629438d062474a7c11e3792fdcabdf06
ZeuS
485868eac79a5a53120af21c63d317cc033ff0855da3684f16c30753a8d961c2
ZeuS
4faa4683bd7134b0823bd0f04f894136bab28fb33f6163f803d08b6dd80a36c2
ZeuS
54efc75509d102fe879aae2a49098bd2f05183502e0ee554a3f6c1a7a4367ad9
ZeuS
63576b3bcc6c0509b9855aaa0ff27fa949da6f878e39cedf0f1bbb504aff7a98
ZeuS
7624dfdc9137caa3238792759440cc52c94c9c306169292396bae3b8e31a8956
ZeuS
8a72a55d126b69bda2f37fd88050aeed02d97733f6777759b542db8a442435bc
ZeuS
c2c82ee2700333d677bee2937f99b1e5657f339e23c27b5b7d2a397b672fffd9
ZeuS
ea0493a75251c59cbf9ae40a8c3ed4a0808adf8071f4c297d4fe52ead18962ef
ZeuS
+ 68 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200719-gtglt8nkx6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/87c779ed21a3c5abb368edd0472968f7f4f3c839fa8ac6ed058bfbee6c6c056a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/zeusaes/
Cape
Cape
https://www.capesandbox.com/analysis/28226/

Comments