MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8df08ecd3c08c6e28a5d73869b6c3a980363856cce72dd9a1c2170c75332a451. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 6 File information Yara Comments

SHA256 hash:	8df08ecd3c08c6e28a5d73869b6c3a980363856cce72dd9a1c2170c75332a451
SHA3-384 hash:	0387f4a6e3349172e0fb6161e035811fe7a80f27e53a9cbd8251a35ba384657fbda240908c890e7c84a01db0f038f3cc
SHA1 hash:	e548106618d37564ec9271cd622f980837e98057
MD5 hash:	b9c618bfccb4c700f538415b4a475992
humanhash:	cup-lemon-king-california
File name:	zeus 1_1.2.4.10.vir
Download:	download sample
Signature	ZeuS
File size:	160'263 bytes
First seen:	2020-07-19 16:46:49 UTC
Last seen:	2020-07-19 19:10:50 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	ef33d20ab851f174cdd759e358c92fc3
ssdeep	3072:wfG1WFOeI3vaxOqyg0Q7eqigDicQ9mZRiSIZGmzpPxYO0q7xEB:m3FGvaEaigeZMZRdIZvpPxYO0Gxw
TLSH	BFF3C092F58760F0ED0479B4703F7237E935864F0639DBD793A8CE92AF66212705934A
Reporter	@tildedennis
Tags:	ZeuS zeus 1

@tildedennis

zeus 1 version 1.2.4.10

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Mail intelligence

No data

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/27882/

Detection(s):

Win.Dropper.Small-2030
Win.Trojan.Zbot-8063

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

Creating a window

Unauthorized injection to a recently created process

Connection attempt to an infection source

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/389979

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8df08ecd3c08c6e28a5d73869b6c3a980363856cce72dd9a1c2170c75332a451/

Threat name:

Win32.Downloader.Small

Status:

Malicious

First seen:

2012-01-02 05:34:00 UTC

AV detection:

27 of 29 (93.10%)

Threat level

3/5

Result

Malware family:

n/a

Score:

10/10

Tags:

persistence

Link:

https://tria.ge/reports/200719-gxdsxx7dlx/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Program crash

Drops file in System32 directory

Loads dropped DLL

Executes dropped EXE

Modifies WinLogon for persistence

AV coverage:

88.89%

AV detections:

64 / 72

Link:

https://www.virustotal.com/gui/file/8df08ecd3c08c6e28a5d73869b6c3a980363856cce72dd9a1c2170c75332a451/detection/f-8df08ecd3c08c6e28a5d73869b6c3a980363856cce72dd9a1c2170c75332a451-1591527314

Threat name:

Unknown

Score:

1.00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 1/

Cape

https://www.capesandbox.com/analysis/27882/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample