MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bea5c56d864e39deef5d23cb9143f8572030da6b1df49a23d7d7151361de34ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: bea5c56d864e39deef5d23cb9143f8572030da6b1df49a23d7d7151361de34ab
SHA3-384 hash: 3d45b9e233c89826b77b2f170d08261e0e37e8bfb65be996259050385c1ae5372292b32e54e6673adc80c986aacc6d2c
SHA1 hash: d4e09053f04ae5a93b7af8c6f0f4e6c74247b260
MD5 hash: 78e41bf10b0cb626b90d845f37afe7e4
humanhash: nineteen-coffee-washington-chicken
File name: gameover_0.0.0.18.vir
Signature: ZeuS
File size: 6'213'120 bytes
First seen: 2020-07-19 16:46:09 UTC
Last seen: 2020-07-19 19:10:37 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b9e9f7022c37f46be139161994f4307b
ssdeep: 6144:6XctYymOJT/13fVeIs66n627SaPNl3ZxIm2kU0Rq7uqyKdw/zC:htYymOJT/13fVeIih/L2xVKW
TLSH: 3156F09ECF095E91D1BE2D7E65F004279B005A0CCBDBCB8A4F41278968E63F57529A0F
Reporter: @tildedennis
Tags: gameover ZeuS


Twitter
@tildedennis
gameover version 0.0.0.18

Intelligence


File Origin
# of uploads: 3
# of downloads: 17
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2012-10-21 01:12:00 UTC
AV detection: 25 of 25 (100.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Deletes itself
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments