MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae3eaa7167c9d6588a7a7b8a4569ad752d47b048a6ec2bdcd4aa0a06deb78435. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: ae3eaa7167c9d6588a7a7b8a4569ad752d47b048a6ec2bdcd4aa0a06deb78435
SHA3-384 hash: b4486f335cf89d568f91b05e670e4c91ec87799e480af104d7e8b1f750f2756dbf68cfb82192542fbe1c261a24968794
SHA1 hash: 742984d2e102daabe70b9ac7489affc09552621d
MD5 hash: 35eddcb12bf51b1f174038d1e3209f8e
humanhash: johnny-william-dakota-oxygen
File name: zeus 1_1.3.3.7.vir
Signature: ZeuS
File size: 151'552 bytes
First seen: 2020-07-19 19:34:43 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: de8437f26a09278e3acc22c5b425781b
ssdeep: 3072:TdrdP3oHXafvZghWrCQmckCEfncnlrBuDIPYLzESahp8rpQAEQ8+6:TbP4HKShlYjEfclrcPLza6VdEJ+6
TLSH: 67E30242F2811A82E5A28CBC30EA64450D55F5A533B1FFF3E14D5A096F0D7D22CB6779
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.3.3.7

Intelligence


File Origin
# of uploads :
1
# of downloads :
24
Origin country :
FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Behaviour
Threat name:
Win32.Spyware.Zbot
Status:
Malicious
First seen:
2011-06-01 09:17:00 UTC
AV detection:
28 of 31 (90.32%)
Threat level
  2/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Modifies WinLogon for persistence
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments