MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8dcf148a8c237e56338bf58160abff133b6bceb8e14323b10f41818159ac98d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	8dcf148a8c237e56338bf58160abff133b6bceb8e14323b10f41818159ac98d4
SHA3-384 hash:	7e4b066bd662597b6b71ce6e4d6fe7fdb53bb4538c027304db436d3392322fd5e48278944eb3fcb0da39c548729de2d8
SHA1 hash:	114bc02e49bfd38e25a6c2e59a3528fcdabe1606
MD5 hash:	4ad4ee2b7652ad0bd2cea94c97674d0b
humanhash:	hawaii-venus-black-winter
File name:	zeus 1_1.2.7.13.vir
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	456'192 bytes
First seen:	2020-07-19 19:36:53 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	972c6e60a8839119f8253057b4a2fcee (1 x ZeuS)
ssdeep	12288:5lNYR3tQx1JXQA4LPhtWCG+XACg3o5HiSu:5/sdQx1JXS1tWUwN
Threatray	5 similar samples on MalwareBazaar
TLSH	06A4021F936A48B1D3F1E97D5E807EE8019B10239CD3F0BB880EB71778A55A9449B74E
Reporter	@tildedennis
Tags:	ZeuS zeus 1

@tildedennis

zeus 1 version 1.2.7.13

Intelligence

File Origin

# of uploads :

1

# of downloads :

359

Origin country :

FR

Mail intelligence

No data

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28291/

Detection(s):

PUA.Win.Packer.PrivateExeProte-16

PUA.Win.Packer.Ep-7

PUA.Win.Packer.Embedpe-3

PUA.Win.Packer.AcprotectUltraprotect-1

SecuriteInfo.com.PSW.Generic8.BIF.113.561.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Connection attempt to an infection source

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/390441

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8dcf148a8c237e56338bf58160abff133b6bceb8e14323b10f41818159ac98d4/

Threat name:

Win32.Packed.Zbot

Status:

Malicious

First seen:

2014-10-16 15:39:00 UTC

AV detection:

29 of 31 (93.55%)

Threat level:

2/5

Verdict:

unknown

Similar samples:

2ace558d202e365fac33752bc28b1c60b07e90904c9f0f4492d13d67f3277530

47c4518661a80adc00b208c24ba1726bd1074360eec4c2e3d265f6c412f745f9

8f09e2d15730d4a4e19876b7d4f284fe43494e761824081dee255c677630f8e6

9e56b9c890057c4adac0a54f64720736438dcc1ba3cce009c7b510fea603f2e1

f4bf1d1294fcdebf960a81bc8bdf14edb488c4d844a90ab100a1d5354f8cd443

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/200719-8d5qf5lnzj/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Program crash

Program crash

AV coverage:

83.33%

AV detections:

60 / 72

Link:

https://www.virustotal.com/gui/file/8dcf148a8c237e56338bf58160abff133b6bceb8e14323b10f41818159ac98d4/detection/f-8dcf148a8c237e56338bf58160abff133b6bceb8e14323b10f41818159ac98d4-1578640640

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8dcf148a8c237e56338bf58160abff133b6bceb8e14323b10f41818159ac98d4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 1/

Cape

Cape

https://www.capesandbox.com/analysis/28291/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample