MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8df08ecd3c08c6e28a5d73869b6c3a980363856cce72dd9a1c2170c75332a451. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 7



SHA256 hash: 8df08ecd3c08c6e28a5d73869b6c3a980363856cce72dd9a1c2170c75332a451
SHA3-384 hash: 0387f4a6e3349172e0fb6161e035811fe7a80f27e53a9cbd8251a35ba384657fbda240908c890e7c84a01db0f038f3cc
SHA1 hash: e548106618d37564ec9271cd622f980837e98057
MD5 hash: b9c618bfccb4c700f538415b4a475992
humanhash: cup-lemon-king-california
File name: zeus 1_1.2.4.10.vir
Signature: ZeuS
File size: 160'263 bytes
First seen: 2020-07-19 16:46:49 UTC
Last seen: 2020-07-19 19:10:50 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ef33d20ab851f174cdd759e358c92fc3 (1 x ZeuS)
ssdeep: 3072:wfG1WFOeI3vaxOqyg0Q7eqigDicQ9mZRiSIZGmzpPxYO0q7xEB:m3FGvaEaigeZMZRdIZvpPxYO0Gxw
Threatray: 68 similar samples on MalwareBazaar
TLSH: BFF3C092F58760F0ED0479B4703F7237E935864F0639DBD793A8CE92AF66212705934A
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.4.10

Intelligence


File Origin
# of uploads: 3
# of downloads: 64
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Sending a custom TCP request
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Downloader.Small
Status: Malicious
First seen: 2012-01-02 05:34:00 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 3/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
Executes dropped EXE
Modifies WinLogon for persistence

File information


The table below shows additional information about this malware sample such as delivery method and external references.
