MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0790b78619a111c705dfe2a790475ac49e55b6138a860454c702c8b59d70ef6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 7 File information Yara 1 Comments

SHA256 hash:	a0790b78619a111c705dfe2a790475ac49e55b6138a860454c702c8b59d70ef6
SHA3-384 hash:	5b834754eb9dbeaea2e4a191e048126c3ae948386ed9f32904717df86b35eaca904b77696dc62ae74520cf9db32c0529
SHA1 hash:	100b9045cc8e71270af4dc38b2a8a46305a0456b
MD5 hash:	6aa7c7d47fe0d23b23a410734a7503c8
humanhash:	helium-high-cat-victor
File name:	zeus 1_1.3.0.0.vir
Download:	download sample
Signature	ZeuS
File size:	99'328 bytes
First seen:	2020-07-19 19:42:55 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	97b06a781bb07d82e7c18c846bb77c41
ssdeep	3072:tzGXB1nrn+QstrIqltUHgJegtXdm4FD6O+uBKdCw:taXBJ+QM0SDJeKdUd
TLSH	1AA3C0EB385C48F7C69D0B7859B27E0A4BA14005003F6A012998EECDBFD5ACD459F7E2
Reporter	@tildedennis
Tags:	ZeuS zeus 1

@tildedennis

zeus 1 version 1.3.0.0

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Mail intelligence

No data

Vendor Threat Intelligence

Gathering data

Detection(s):

Win.Trojan.Bancos-18005

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Connection attempt to an infection source

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/390525

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a0790b78619a111c705dfe2a790475ac49e55b6138a860454c702c8b59d70ef6/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2011-06-21 11:33:00 UTC

AV detection:

24 of 25 (96.00%)

Threat level

5/5

Detection(s):

Malicious file

Link:

https://www.spamhaus.org/query/hash/ub4qw6dbtiiry4c57yvhsbdvvre6kw3bhcugarkmoawiwwoxb33a._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200719-net64r2kca/

Behaviour

Suspicious behavior: EnumeratesProcesses

Drops file in System32 directory

Modifies WinLogon for persistence

AV coverage:

80.28%

AV detections:

57 / 71

Link:

https://www.virustotal.com/gui/file/a0790b78619a111c705dfe2a790475ac49e55b6138a860454c702c8b59d70ef6/detection/f-a0790b78619a111c705dfe2a790475ac49e55b6138a860454c702c8b59d70ef6-1594119382

Threat name:

Unknown

Score:

1.00

Yara Signatures

Rule name:	win_zeus_auto
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 1/

Cape

https://www.capesandbox.com/analysis/28334/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample