MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 afe57674c53de398de18be61175e7cf55447e9c57cd3b4c82b035a9d65ec86f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: afe57674c53de398de18be61175e7cf55447e9c57cd3b4c82b035a9d65ec86f3
SHA3-384 hash: 2fea8488b9fd78d7d1e523c3c7afdfbd185aad1fbac4d3c7d4564471110be576a4ab7a217c4ad190ff45e36c47097bb2
SHA1 hash: 6092541a5fc6941ae98acc64024ee7e9fbb96a57
MD5 hash: 1f0d255ad2996e3f4b5ea1202568ec67
humanhash: snake-tango-vermont-beer
File name: zeusaes_2.9.5.1.vir
Signature: ZeuS
File size: 368,128 bytes
First seen: 2020-07-19 16:48:50 UTC
Last seen: 2020-07-19 19:12:12 UTC
File type: Executable (exe)
MIME type: application/x-dosexec
imphash: 6e6f3fded3fb3cb5ddb4ebee3e4ddedc
ssdeep: 6144:LJZucOhqrLG5Tk1vi9Te7YTH2dxJOR8ghuinEeQTOBrsj4H9gvX/tW:7ucOhqWxZ+vJWhVn0OBIj4H98tW
TLSH: A97423381B6AA61FCAF687B640E585174BF7FCF302F18B187E6106DD66908D1CAC7284
Reporter: @tildedennis
Tags: ZeuS, zeusaes
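Before analysing a downloaded copy of this sample, pin it to the entry by recomputing the published digests. The script below is an added example, not MalwareBazaar's own code: it computes the four cryptographic hashes listed above and reports which ones match. The sample bytes used in the usage block are a constructed placeholder, because the file itself is not part of this page; point verify_file at the real download instead. SHA-256 is treated as the identifier: MD5 and SHA-1 are collision-broken, so agreement on those alone does not prove a file is this sample. The imphash, ssdeep and TLSH values need third-party libraries (pefile, ssdeep, py-tlsh) and are deliberately left out.

```python
"""Verify a local file against the digests published in a MalwareBazaar entry.

Added example (not MalwareBazaar code). Expected values are copied from the
entry for the ZeuS 2.9.5.1 sample; the bytes fed in under __main__ are a
constructed placeholder, not the real sample.
"""
import hashlib

# Digests exactly as printed in the MalwareBazaar entry.
ENTRY_HASHES = {
    "md5": "1f0d255ad2996e3f4b5ea1202568ec67",
    "sha1": "6092541a5fc6941ae98acc64024ee7e9fbb96a57",
    "sha256": "afe57674c53de398de18be61175e7cf55447e9c57cd3b4c82b035a9d65ec86f3",
    "sha3_384": (
        "2fea8488b9fd78d7d1e523c3c7afdfbd185aad1fbac4d3c7d4564471110be576"
        "a4ab7a217c4ad190ff45e36c47097bb2"
    ),
}
ENTRY_SIZE = 368128  # bytes, as listed in the entry


def digests(data: bytes) -> dict:
    """Compute the four cryptographic digests MalwareBazaar publishes per sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def verify_sample(data: bytes, expected: dict = ENTRY_HASHES,
                  size: int = ENTRY_SIZE) -> dict:
    """Return a per-check report (True = matches the entry).

    The size check is cheap and rules out truncated or still-zipped downloads
    before any hashing. Identity is decided by SHA-256 alone: MD5 and SHA-1
    matches are reported but carry no weight on their own, since collisions
    for both are practical.
    """
    report = {"size": len(data) == size}
    actual = digests(data)
    for name, want in expected.items():
        report[name] = actual[name] == want.lower()
    report["is_entry_sample"] = report["sha256"]
    return report


def verify_file(path: str, expected: dict = ENTRY_HASHES,
                size: int = ENTRY_SIZE) -> dict:
    """Read a file from disk and verify it against the entry."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read(), expected, size)


if __name__ == "__main__":
    # Constructed placeholder bytes; the real sample is not included here.
    placeholder = b"MZ" + b"\x00" * 62 + b"constructed, not the ZeuS sample"
    for check, ok in verify_sample(placeholder).items():
        print(f"{check:>16}: {'match' if ok else 'MISMATCH'}")
```

Run it against the unpacked download as verify_file("zeusaes_2.9.5.1.vir"); every row should read "match" before the file is treated as the sample this entry describes. A size match with a SHA-256 mismatch means a different file of the same length, not a corrupted copy.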


Twitter
@tildedennis
zeusaes version 2.9.5.1

Intelligence


File Origin
# of uploads: 3
# of downloads: 19
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Spyware.Zbot
Status: Malicious
First seen: 2013-08-13 12:40:00 UTC
AV detection: 18 of 25 (72.00%)
Threat level: 2/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Modifies registry class
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Threat name: Unknown
Score: 1.00
