MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0790b78619a111c705dfe2a790475ac49e55b6138a860454c702c8b59d70ef6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: a0790b78619a111c705dfe2a790475ac49e55b6138a860454c702c8b59d70ef6
SHA3-384 hash: 5b834754eb9dbeaea2e4a191e048126c3ae948386ed9f32904717df86b35eaca904b77696dc62ae74520cf9db32c0529
SHA1 hash: 100b9045cc8e71270af4dc38b2a8a46305a0456b
MD5 hash: 6aa7c7d47fe0d23b23a410734a7503c8
humanhash: helium-high-cat-victor
File name: zeus 1_1.3.0.0.vir
Signature: ZeuS
File size: 99'328 bytes
First seen: 2020-07-19 19:42:55 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 97b06a781bb07d82e7c18c846bb77c41
ssdeep: 3072:tzGXB1nrn+QstrIqltUHgJegtXdm4FD6O+uBKdCw:taXBJ+QM0SDJeKdUd
TLSH: 1AA3C0EB385C48F7C69D0B7859B27E0A4BA14005003F6A012998EECDBFD5ACD459F7E2
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.3.0.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 23
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Gathering data
Detection(s):
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name: Unknown
Detection: malicious
Classification: spyw.evad
Score: 88 / 100
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2011-06-21 11:33:00 UTC
AV detection: 24 of 25 (96.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Drops file in System32 directory
Modifies WinLogon for persistence
Threat name: Unknown
Score: 1.00

Yara Signatures


Rule name: win_zeus_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments