MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c5212eefefde8dae1de5a327b3d3dc0413ec7023e8a6bc01501ea083b2a434d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


VMZeuS


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c5212eefefde8dae1de5a327b3d3dc0413ec7023e8a6bc01501ea083b2a434d
SHA3-384 hash: 3d4c79b41fba6b38496bcd2be2fa7ef9e88f6e3a3fef82dd52b7f37605ae9b82327a2dc48e092e64ed2433302c1883b3
SHA1 hash: e211f840a31ef8cd48e9baba6cebc76c0bda4b3c
MD5 hash: 3395e18bf4bfd76ab4fab48e05d9e2bc
humanhash: beer-vermont-orange-utah
File name:8c5212eefefde8dae1de5a327b3d3dc0413ec7023e8a6bc01501ea083b2a434d
Download: download sample
Signature VMZeuS
Create hunting rule
File size:133'504 bytes
First seen:2020-11-10 11:39:37 UTC
Last seen:2024-07-24 18:46:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 653ce33dd52a644ca5b991f98ddfdbe3 (2 x VMZeuS, 1 x ZeuS)
ssdeep 3072:BW0Wsd7fzeZjUB0xZMX2x598fawZPhoSRZC6Ty:4rKyjXZMIK7Z9+
Threatray 120 similar samples on MalwareBazaar
TLSH A5D30220E7A85177E1D2C0BE5A3ED6D885D32EB1037648D774E601464AD32DB6A7F2C3
Reporter seifreed
Tags:vmzeus

Intelligence

File Origin
# of uploads :
2
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Unauthorized injection to a recently created process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
ZeusVM
Create hunting rule
Detection:
malicious
Classification:
bank.troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/528652
Signature
Antivirus / Scanner detection for submitted sample
Contains VNC / remote desktop functionality (version string found)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Detected ZeusVM e-Banking Trojan
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8c5212eefefde8dae1de5a327b3d3dc0413ec7023e8a6bc01501ea083b2a434d/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 00:09:02 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rrjbf3x67xunvyo6lizhwpj5ybat5rych2fgxqavahvaqozkingq._file
Verdict:
malicious
Similar samples:
0d812586b239b0ce1c4f3f9347386c75e70ab098659c019e100160078b821aa5
VMZeuS
0fd0fedc1c314629e83f3e2ef6867e5cbaf15c4bd6235a8d9fadfc79bd441611
VMZeuS
1f3842bc152088bc10de6e14adabf860902dee318375a6567e0b85a9faaed1f0
VMZeuS
37259fff5937e8c92679a70cff7fc4b81043451ce705c982398865b17c7fd2a5
VMZeuS
3ee04e378f6430e85f5756093e80b243c2ebbcb9f2ee77cc32acd1cd9e333301
VMZeuS
5c3bde59fa48471670841beba658fc9cfe707fac64b4b7f8446dd51a7706d133
VMZeuS
73acff9ea3647f699cd645b09e652ca498eea7c5cee9f3cb573afda67a0ceeb2
VMZeuS
88303bec606c271a2db6fe1bb0945c7e79835203ff2d9ee629c1d9e3987ccaac
VMZeuS
e4cd3a3bbf851aea2645ff32eeb8fbe177b79bf8149737c52acb413b2ff13eb6
VMZeuS
f473938086334f7e6877e53b350339f11cfcc87ba10ec04a17bccfdf4d47a301
VMZeuS
+ 110 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201110-6r75219gm6/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments