MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 baf0a124d8079ba9449f9ebf71e5dc2b54babdff15690f4f44e86fc9ad490dec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: baf0a124d8079ba9449f9ebf71e5dc2b54babdff15690f4f44e86fc9ad490dec
SHA3-384 hash: 262bf302fb3b6dcca665003ab522b1748185ecacbd69cc2a2b17135d5d8fe91b457aa03a3dfb3534fbc64119b64d039a
SHA1 hash: 8f3a9a26fbb12fa26e88ad1e6debc3f8fa3352d7
MD5 hash: cefd06548231fe712b470bc40bb8a808
humanhash: carpet-network-mockingbird-avocado
File name:Zeus.exe
Download: download sample
File size:90'409'472 bytes
First seen:2026-01-24 13:11:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9bf3f5698d1c8e5d8bbe8d194ac5d544
ssdeep 786432:iAZqtFi3zQzwBs6vNtcZY5Dfw3pgPVlcmXW:iAZui3zQz2jOZKft
TLSH T1D1187D03B3A705D5E8F7DA3196E65223A932BC066F3085DF324C17262F73AE05A76B51
TrID 63.5% (.EXE) Win64 Executable (generic) (10522/11/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter burger
Tags:exe stealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
635
Origin country :
US US
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/f552010c-f537-4590-b947-f45d98bfad44/
Malware family:
n/a
ID:
1
File name:
Zeus.exe
Verdict:
Suspicious activity
Analysis date:
2026-01-23 22:32:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0330c183-14a8-4000-8df8-79c7590a3f61

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6973f707f3cf908ba507d173
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug crypto fingerprint microsoft_visual_cc
Link:
https://www.filescan.io/uploads/6974c4f655805a763ff42859/reports/b0018bff-23e7-44c1-9bc8-608c6eb04b28/overview
Verdict:
Malicious
Labled as:
Trojan.Win64.Agent
Link:
https://www.hybrid-analysis.com/sample/baf0a124d8079ba9449f9ebf71e5dc2b54babdff15690f4f44e86fc9ad490dec
Verdict:
Malicious
File Type:
exe x64
First seen:
2026-01-23T19:41:00Z UTC
Last seen:
2026-01-24T12:06:00Z UTC
Hits:
~1000
Detections:
BSS:Trojan.Win32.Generic HEUR:Trojan-Downloader.Script.Agent.gen
Link:
https://opentip.kaspersky.com/baf0a124d8079ba9449f9ebf71e5dc2b54babdff15690f4f44e86fc9ad490dec/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1856800
Signature
Joe Sandbox ML detected suspicious sample
Multi AV Scanner detection for submitted file
Sigma detected: Potential WinAPI Calls Via CommandLine
Suspicious powershell command line found
Yara detected Generic Loader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1856800 Sample: Zeus.exe Startdate: 24/01/2026 Architecture: WINDOWS Score: 68 22 Multi AV Scanner detection for submitted file 2->22 24 Yara detected Generic Loader 2->24 26 Joe Sandbox ML detected suspicious sample 2->26 28 Sigma detected: Potential WinAPI Calls Via CommandLine 2->28 8 Zeus.exe 1 2->8         started        process3 signatures4 30 Suspicious powershell command line found 8->30 11 Zeus.exe 8->11         started        14 conhost.exe 8->14         started        process5 signatures6 32 Suspicious powershell command line found 11->32 16 tasklist.exe 1 11->16         started        18 powershell.exe 4 11->18         started        process7 process8 20 conhost.exe 16->20         started       
Score:
0%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/baf0a124d8079ba9449f9ebf71e5dc2b54babdff15690f4f44e86fc9ad490dec
Gathering data
Verdict:
Malicious
Threat:
Trojan.Win32.Agent
Link:
https://tip.neiki.dev/file/baf0a124d8079ba9449f9ebf71e5dc2b54babdff15690f4f44e86fc9ad490dec
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-01-23 22:32:30 UTC
File Type:
PE+ (Exe)
Extracted files:
11
AV detection:
11 of 24 (45.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xlykcjgya6n2sre7t27xdzo4fnklvpp7cvuq6t2e5bx4tlkjbxwa._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery execution
Link:
https://tria.ge/reports/260124-sac1aadt9h/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments