MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a828d218d3d99d46ff48122117e2ecb53de196f442702676ed4e4cf0544b4da3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 6



SHA256 hash: a828d218d3d99d46ff48122117e2ecb53de196f442702676ed4e4cf0544b4da3
SHA3-384 hash: 5717a384d57754ed820dcba3018886def1c435f100e55f015be412d8ec0febdf0c2975f7a364726d4a2ce95977a0655f
SHA1 hash: 50755b54adddcb85e6634ddaaa5deea7aaf79daf
MD5 hash: 8dea49404813ec8503c315c7634055c2
humanhash: nine-cola-tennis-video
File name: a828d218d3d99d46ff48122117e2ecb53de196f442702676ed4e4cf0544b4da3
Signature: ZeuS
File size: 129'536 bytes
First seen: 2020-09-06 16:04:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b48f9d0fcbf1d7bca23370c39acddbf3 (1 x ZeuS)
ssdeep: 3072:fJwmsfzu6oTXfvD9T7eubTJ86uArdF5+5YWdGvneaahC:f2fihrfL1eyumdF8Z
TLSH: 55C3E1F5B57C7DEFC299237825B2B9065BC09845023F8544B94AEE8ECEA91CD421F7E0
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.3.0.1

Intelligence


File Origin
# of uploads: 1
# of downloads: 1'589
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Gathering data
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request

Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2011-06-18 08:16:00 UTC
AV detection: 25 of 25 (100.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 4/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Drops file in System32 directory
Modifies WinLogon for persistence

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:WHITE rules are displayed.

Rule name: win_zeus_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments