MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89e35356978b8320736b890db74c9f70f4ab89dc7343bbdfb9cd80530dd4df32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence File information Yara 1 Comments

SHA256 hash:	89e35356978b8320736b890db74c9f70f4ab89dc7343bbdfb9cd80530dd4df32
SHA3-384 hash:	e53092b73401f51c5260e56d3d5b3e7147ee9c708042466589bea50798c87a30d1f75c8417813999e56b7a6c06bd07ce
SHA1 hash:	1dc9c0eff55fd416f81ee9f97df2c54960024776
MD5 hash:	0b758c40a26b8b3d1104838f5cf1b57f
humanhash:	spaghetti-mexico-hot-moon
File name:	zeus 1_1.4.3.0.vir
Download:	download sample
Signature	ZeuS
File size:	1'039'912 bytes
First seen:	2020-07-19 17:18:42 UTC
Last seen:	2020-07-19 19:14:42 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	ab746ee474e694487aba799f2922347c
ssdeep	24576:g7o09PuenkPK+p7GH3XDwkooOAtNOHRNapw:NvekpFqNtExNAw
TLSH	DC252313FA99F4BFFE1B513105B3A506CD6E2C9349F05A4767543E2D3A31AA48AF1328
Reporter	@tildedennis
Tags:	ZeuS zeus 1

@tildedennis

zeus 1 version 1.4.3.0

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Mail intelligence

No data

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/27950/

Detection(s):

PUA.Win.Downloader.Aiis-6803892-0
Win.Trojan.Zbot-25191

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Connection attempt to an infection source

Result

Threat name:

Unknown

Detection:

malicious

Classification:

phis.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/389971

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/89e35356978b8320736b890db74c9f70f4ab89dc7343bbdfb9cd80530dd4df32/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2011-06-28 08:13:00 UTC

AV detection:

28 of 31 (90.32%)

Threat level

5/5

Result

Malware family:

n/a

Score:

10/10

Tags:

persistence

Link:

https://tria.ge/reports/200719-6m9hqk272s/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Drops file in Windows directory

Suspicious use of SetThreadContext

Modifies WinLogon for persistence

AV coverage:

80.82%

AV detections:

59 / 73

Link:

https://www.virustotal.com/gui/file/89e35356978b8320736b890db74c9f70f4ab89dc7343bbdfb9cd80530dd4df32/detection/f-89e35356978b8320736b890db74c9f70f4ab89dc7343bbdfb9cd80530dd4df32-1584356743

Threat name:

Unknown

Score:

1.00

Yara Signatures

Rule name:	win_zeus_auto
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 1/

Cape

https://www.capesandbox.com/analysis/27950/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample