MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b05e4d408f5731b0bb0c194570a3c86a31ce291ec70b54e1e76ecd5bc9bee3f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: ZeuS

Vendor detections: 9



SHA256 hash: b05e4d408f5731b0bb0c194570a3c86a31ce291ec70b54e1e76ecd5bc9bee3f7
SHA3-384 hash: 928a216cb487f178ef148a834ad47d5bd9c7899c940dd6b3fc9f57be90d66714353414162f5a249b42098045f7155585
SHA1 hash: 74a869b20f433dc6d1df3cd5fff23db785c196c3
MD5 hash: 9667507db2ef67dd8aa974f747d11c48
humanhash: robert-nevada-pluto-london
File name: b05e4d408f5731b0bb0c194570a3c86a31ce291ec70b54e1e76ecd5bc9bee3f7
Signature: ZeuS
File size: 138'240 bytes
First seen: 2020-08-16 15:26:23 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 54a9fe1ea424a7b88b16cf9dbbe40e10 (1 x ZeuS)
ssdeep: 3072:96W/chnivCGdQes1AXtJZLYoG8RA4FemjZIkPEO2DZ:9D4xes1AX7ZLYo9FemjZIksO8
Threatray: 114 similar samples on MalwareBazaar
TLSH: 7BD3123571280A48E1AE27714966E27D17AA39F1BE60113DE3542FDF887606C8E34BED
Reporter: @tildedennis
Tags: unnamed 4 ZeuS
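Before trusting a sample pulled from this entry (or an IOC copied from a report that cites it), it is worth recomputing the hashes above locally and comparing them against the listed values. The script below is an added example, not part of the MalwareBazaar page or the ZeuS sample: it recomputes the MD5, SHA1, SHA256 and SHA3-384 digests and the file size with only the Python standard library and reports which listed values match. The four hash values and the byte size are transcribed from the entry above; the file path, the function names and the chunk size are assumptions for the example. imphash, ssdeep and TLSH need third-party tooling (for instance the pefile, ssdeep and py-tlsh packages) and are not recomputed here. Note that MalwareBazaar serves downloads as password-protected zip archives (password "infected"), so unpack the archive first and hash the inner file, not the zip.

```python
import hashlib
import os
import sys

# Values transcribed from the MalwareBazaar entry for this sample (page data).
LISTED_HASHES = {
    "md5": "9667507db2ef67dd8aa974f747d11c48",
    "sha1": "74a869b20f433dc6d1df3cd5fff23db785c196c3",
    "sha256": "b05e4d408f5731b0bb0c194570a3c86a31ce291ec70b54e1e76ecd5bc9bee3f7",
    "sha3_384": "928a216cb487f178ef148a834ad47d5bd9c7899c940dd6b3fc9f57be90d66714"
                "353414162f5a249b42098045f7155585",
}
LISTED_SIZE = 138240  # "138'240 bytes" on the entry

HASH_NAMES = ("md5", "sha1", "sha256", "sha3_384")


def compute_hashes(chunks) -> dict:
    """Return hex digests for every algorithm in HASH_NAMES.

    Accepts raw bytes or any iterable of byte chunks; all hashers are fed
    incrementally so a large sample never has to be loaded into memory at once.
    """
    if isinstance(chunks, (bytes, bytearray)):
        chunks = [bytes(chunks)]
    hashers = {name: hashlib.new(name) for name in HASH_NAMES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(computed: dict, size: int, expected: dict, expected_size=None) -> dict:
    """Per-field match results (True/False) for every listed value we can check.

    Listed values are normalised to lower-case with surrounding whitespace
    removed, because IOCs copied out of reports often arrive upper-cased or
    padded; unknown algorithm names in `expected` are ignored.
    """
    results = {
        name: computed[name] == str(value).strip().lower()
        for name, value in expected.items()
        if name in computed
    }
    if expected_size is not None:
        results["size"] = size == expected_size
    return results


def check_sample(data: bytes, expected=LISTED_HASHES, expected_size=LISTED_SIZE) -> dict:
    """Check an in-memory blob against the listed IOCs."""
    return compare(compute_hashes(data), len(data), expected, expected_size)


def verify_file(path: str, expected=LISTED_HASHES, expected_size=LISTED_SIZE,
                chunk_size: int = 1 << 20) -> dict:
    """Check an on-disk file against the listed IOCs, streaming it in 1 MiB chunks."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        computed = compute_hashes(iter(lambda: fh.read(chunk_size), b""))
    return compare(computed, size, expected, expected_size)


if __name__ == "__main__":
    # Assumed usage: python verify_bazaar_sample.py <unzipped sample path>
    target = sys.argv[1]
    outcome = verify_file(target)
    for field, ok in outcome.items():
        print(f"{field:9s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(outcome.values()) else 1)
```

A mismatch on any field means the file on disk is not the artefact this entry describes: either a different sample, a corrupted download, or the zip wrapper rather than the unpacked executable. The size check is cheap but useful on its own, since most accidental substitutions (hashing the archive, hashing a truncated download) fail it before any digest is computed.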


Twitter
@tildedennis
unnamed 4 version 1.7.3.1

Intelligence


File Origin
# of uploads: 1
# of downloads: 1'664
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Sending a UDP request
Result
Threat name:
Detection: malicious
Classification: bank.troj.evad
Score: 76 / 100
Signature
Contains functionality to detect virtual machines (IN, VMware)
Contains VNC / remote desktop functionality (version string found)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Detected ZeusVM e-Banking Trojan
Machine Learning detection for sample
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2011-12-16 12:32:00 UTC
File Type: PE (Exe)
Extracted files: 4
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
Modifies system certificate store
NTFS ADS
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments