MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0b04a20f391cbef76aaec658b03da3de014d582054691f74c36641906cfc2e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence File information Yara Comments

SHA256 hash:	c0b04a20f391cbef76aaec658b03da3de014d582054691f74c36641906cfc2e6
SHA3-384 hash:	86547ade559c6c77ebd1d8207c5951ed33a7035599259fc61ddbc66a409f00d2bd2abf8aba11e204e4f518fa8df09ecb
SHA1 hash:	e0babb378ae8b61520ef99f667913adafc882e63
MD5 hash:	15229b5debbb1d6d189abac9d71d7868
humanhash:	helium-edward-massachusetts-vegan
File name:	zeus 1_1.3.0.23.vir
Download:	download sample
Signature	ZeuS
File size:	978'944 bytes
First seen:	2020-07-19 19:27:54 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	c96e9e6d3810e23f744bb879fa980b87
ssdeep	24576:eCEwzDcNnHOTlyPSIGZx94kRjmtnf3pWoRvS1Sjkn:N3cNHO8qV41xf5WoRa1SjU
TLSH	D325337AF79B47AAD8574D331B46A81CEC0F0C46EA813D36BFAA6CDE294434C6CC6541
Reporter	@tildedennis
Tags:	zeus 1

@tildedennis

zeus 1 version 1.3.0.23

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Mail intelligence

No data

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28191/

Detection(s):

Win.Trojan.Bancos-17786

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending an HTTP GET request

Creating a file in the %temp% subdirectories

Reading critical registry keys

Creating a file

Deleting a recently created file

Reading Telegram data

Running batch commands

Creating a process with a hidden window

Launching a process

Sending a TCP request to an infection source

Stealing user critical data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/390260

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c0b04a20f391cbef76aaec658b03da3de014d582054691f74c36641906cfc2e6/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2014-04-24 14:22:00 UTC

AV detection:

29 of 31 (93.55%)

Threat level

5/5

Result

Malware family:

n/a

Score:

10/10

Tags:

persistence

Link:

https://tria.ge/reports/200719-pbwc6dz19j/

Behaviour

Suspicious use of UnmapMainImage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Drops file in System32 directory

Modifies WinLogon for persistence

AV coverage:

77.46%

AV detections:

55 / 71

Link:

https://www.virustotal.com/gui/file/c0b04a20f391cbef76aaec658b03da3de014d582054691f74c36641906cfc2e6/detection/f-c0b04a20f391cbef76aaec658b03da3de014d582054691f74c36641906cfc2e6-1593756760

Threat name:

Unknown

Score:

1.00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 1/

Cape

https://www.capesandbox.com/analysis/28191/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample