MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ce802db4332aa44b344c03f9a0ade9e67614ced48c31b73b0c66510fd4aa31b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	8ce802db4332aa44b344c03f9a0ade9e67614ced48c31b73b0c66510fd4aa31b
SHA3-384 hash:	76a4a6bba9d3fb5966da2d16bd9302e0cd41dc6b82bcf4f9f79377c07c53fa2fd0a95a0f98c6fa1c9fd07579db24192a
SHA1 hash:	43e952c6403f0af82e9862dc4990676c35dd56e0
MD5 hash:	cb6e711560e0a64d7bf387e55cf40437
humanhash:	carpet-table-fillet-aspen
File name:	zeus 1_1.3.3.0.vir
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	164'352 bytes
First seen:	2020-07-19 19:27:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	d7a1a7d8b0235e2129be4061f3665ae4 (2 x ZeuS)
ssdeep	3072:dWCJq70pYHgnRSVrvLSoK2z9RAAPvGaAP4ELQc3zVQxXYYCm:cqq70eHgRSVYCWAHdAPnpVilz
Threatray	101 similar samples on MalwareBazaar
TLSH	97F3CF7C985D7B79E78239FD600A01AB208E9D2287C6517B1FF20FDF8DCE2B45250966
Reporter	@tildedennis
Tags:	ZeuS zeus 1

@tildedennis

zeus 1 version 1.3.3.0

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Mail intelligence

No data

Vendor Threat Intelligence

Gathering data

Detection(s):

SecuriteInfo.com.PSW.Generic7.BPAE.18957.28426.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending an HTTP GET request

Creating a file in the %temp% subdirectories

Reading critical registry keys

Creating a file

Deleting a recently created file

Reading Telegram data

Running batch commands

Creating a process with a hidden window

Launching a process

Sending a TCP request to an infection source

Stealing user critical data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/390233

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8ce802db4332aa44b344c03f9a0ade9e67614ced48c31b73b0c66510fd4aa31b/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2011-05-29 05:28:00 UTC

AV detection:

40 of 48 (83.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://www.spamhaus.org/query/hash/rtuafw2dgkvejm2eya7zucw6tztwcthnjdbrw45qyzsrb7kkumnq._file

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/200719-6mgaacxfj6/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Drops file in System32 directory

Suspicious use of SetThreadContext

Modifies WinLogon for persistence

AV coverage:

80.00%

AV detections:

56 / 70

Link:

https://www.virustotal.com/gui/file/8ce802db4332aa44b344c03f9a0ade9e67614ced48c31b73b0c66510fd4aa31b/detection/f-8ce802db4332aa44b344c03f9a0ade9e67614ced48c31b73b0c66510fd4aa31b-1578643622

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8ce802db4332aa44b344c03f9a0ade9e67614ced48c31b73b0c66510fd4aa31b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 1/

Cape

https://www.capesandbox.com/analysis/28183/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample