MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8df08ecd3c08c6e28a5d73869b6c3a980363856cce72dd9a1c2170c75332a451. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 8df08ecd3c08c6e28a5d73869b6c3a980363856cce72dd9a1c2170c75332a451
SHA3-384 hash: 0387f4a6e3349172e0fb6161e035811fe7a80f27e53a9cbd8251a35ba384657fbda240908c890e7c84a01db0f038f3cc
SHA1 hash: e548106618d37564ec9271cd622f980837e98057
MD5 hash: b9c618bfccb4c700f538415b4a475992
humanhash: cup-lemon-king-california
File name: zeus 1_1.2.4.10.vir
Signature: ZeuS
File size: 160'263 bytes
First seen: 2020-07-19 16:46:49 UTC
Last seen: 2020-07-19 19:10:50 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ef33d20ab851f174cdd759e358c92fc3
ssdeep: 3072:wfG1WFOeI3vaxOqyg0Q7eqigDicQ9mZRiSIZGmzpPxYO0q7xEB:m3FGvaEaigeZMZRdIZvpPxYO0Gxw
TLSH: BFF3C092F58760F0ED0479B4703F7237E935864F0639DBD793A8CE92AF66212705934A
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.4.10

Intelligence


File Origin
# of uploads: 3
# of downloads: 17
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a custom TCP request
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Downloader.Small
Status: Malicious
First seen: 2012-01-02 05:34:00 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 3/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
Executes dropped EXE
Modifies WinLogon for persistence
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments