MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9eabb73fe305b3afaba2e0340c7e8cc8aa468769f9d55c3d967877596c856c3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 7



SHA256 hash: 9eabb73fe305b3afaba2e0340c7e8cc8aa468769f9d55c3d967877596c856c3d
SHA3-384 hash: af768bed28bac0c73dbed5192e6a0fc0cf725772efa926f1f6b681804aa8c1b3e6d23ed6589c00d4dc1ccb02ab8e8210
SHA1 hash: 50fa333d61e3afb5f147939bffa45c15ba3f3a58
MD5 hash: 83b02f124378c926e5302bcdbf0d4356
humanhash: five-venus-freddie-leopard
File name: zeus 1_1.2.4.5.vir
Signature: ZeuS
File size: 102'400 bytes
First seen: 2020-07-19 19:50:48 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 83cc0f9c978e9720300ee05fa4733587 (1 x ZeuS)
ssdeep: 1536:zssaw4W/ZEEh9XCYkJnkvSnJKQUV2V8AOEXSmmUkfI2i0EPdQXkOce:NawbxEE1EKz2GAKHU6iG0Oc
Threatray: 75 similar samples on MalwareBazaar
TLSH: 6EA38D6E7A4500F3C9D61339C612773797EAED342036BC9393D04F9A1A9A4A1B72DB43
Reporter: @tildedennis
Tags: zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.4.5

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 72 / 100
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2015-03-20 04:20:00 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Drops file in System32 directory
Suspicious use of NtCreateProcessExOtherParentProcess

File information


The table below shows additional information about this malware sample such as delivery method and external references.
