MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9eabb73fe305b3afaba2e0340c7e8cc8aa468769f9d55c3d967877596c856c3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 9eabb73fe305b3afaba2e0340c7e8cc8aa468769f9d55c3d967877596c856c3d
SHA3-384 hash: af768bed28bac0c73dbed5192e6a0fc0cf725772efa926f1f6b681804aa8c1b3e6d23ed6589c00d4dc1ccb02ab8e8210
SHA1 hash: 50fa333d61e3afb5f147939bffa45c15ba3f3a58
MD5 hash: 83b02f124378c926e5302bcdbf0d4356
humanhash: five-venus-freddie-leopard
File name: zeus 1_1.2.4.5.vir
Signature: ZeuS
File size: 102'400 bytes
First seen: 2020-07-19 19:50:48 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 83cc0f9c978e9720300ee05fa4733587
ssdeep: 1536:zssaw4W/ZEEh9XCYkJnkvSnJKQUV2V8AOEXSmmUkfI2i0EPdQXkOce:NawbxEE1EKz2GAKHU6iG0Oc
TLSH: 6EA38D6E7A4500F3C9D61339C612773797EAED342036BC9393D04F9A1A9A4A1B72DB43
Reporter: @tildedennis
Tags: zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.4.5

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 72 / 100
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2015-03-20 04:20:00 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Drops file in System32 directory
Suspicious use of NtCreateProcessExOtherParentProcess
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments