MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0b04a20f391cbef76aaec658b03da3de014d582054691f74c36641906cfc2e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: c0b04a20f391cbef76aaec658b03da3de014d582054691f74c36641906cfc2e6
SHA3-384 hash: 86547ade559c6c77ebd1d8207c5951ed33a7035599259fc61ddbc66a409f00d2bd2abf8aba11e204e4f518fa8df09ecb
SHA1 hash: e0babb378ae8b61520ef99f667913adafc882e63
MD5 hash: 15229b5debbb1d6d189abac9d71d7868
humanhash: helium-edward-massachusetts-vegan
File name:zeus 1_1.3.0.23.vir
Download: download sample
Signature ZeuS
File size:978'944 bytes
First seen:2020-07-19 19:27:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c96e9e6d3810e23f744bb879fa980b87
ssdeep 24576:eCEwzDcNnHOTlyPSIGZx94kRjmtnf3pWoRvS1Sjkn:N3cNHO8qV41xf5WoRa1SjU
TLSH D325337AF79B47AAD8574D331B46A81CEC0F0C46EA813D36BFAA6CDE294434C6CC6541
Reporter @tildedennis
Tags:zeus 1


Twitter
@tildedennis
zeus 1 version 1.3.0.23

Intelligence


File Origin
# of uploads :
1
# of downloads :
19
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2014-04-24 14:22:00 UTC
AV detection:
29 of 31 (93.55%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Behaviour
Suspicious use of UnmapMainImage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Drops file in System32 directory
Modifies WinLogon for persistence
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments