MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c71f91be4c1bf1645867ed1d42d80f18ed71de9de1aab54d784af7679b4a59d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 12



SHA256 hash: c71f91be4c1bf1645867ed1d42d80f18ed71de9de1aab54d784af7679b4a59d2
SHA3-384 hash: 28e882c60ce690f8b9984db48c4ef186361775d227e57fe50412ecd568ba3fc3d673c63f20bbfe4f3c770a4a8f76fb0b
SHA1 hash: 637555c1d202f54aa2e3bf192217eda00046e0dc
MD5 hash: 62dd270c7a45183db0a73060993e2583
humanhash: double-fanta-juliet-wisconsin
File name: c71f91be4c1bf1645867ed1d42d80f18ed71de9de1aab54d784af7679b4a59d2.bin
Signature ZeuS
File size: 549'376 bytes
First seen: 2022-03-26 01:29:22 UTC
Last seen: 2024-07-24 21:21:16 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 7252ceab41cd55ec19d8fd3d84378d05 (1 x ZeuS)
ssdeep 12288:Jz/rTEVMSUYYRTNEznofMVdmG6QvQztBvE84BI:JDS+RTxEVdmrQIB884y
Threatray 1 similar samples on MalwareBazaar
TLSH T136C4128533F94629E5BA5F731CB4281409F7FE161D78C4CE9A94808F8B30AB59B76B07
dhash icon 4ab96ccc94d17324 (2 x ZeuS)
Reporter tildedennis
Tags: exe prg ZeuS


tildedennis
prg version 12

Intelligence


File Origin
# of uploads :
2
# of downloads :
631
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating synchronization primitives
Creating a file
Creating a file in the Windows subdirectories
Launching a service
Loading a system driver
Sending a custom TCP request
Enabling autorun for a service
Unauthorized injection to a system process
Enabling autorun
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive fingerprint greyware netsh.exe overlay packed panda remote.exe stealer zbot zeus
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Ransomware
Verdict:
Malicious
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
96 / 100
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Changes memory attributes in foreign processes to executable or writable
Creates an undocumented autostart registry key
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Writes to foreign memory regions
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zeus
Status:
Malicious
First seen:
2021-05-09 02:03:00 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
39 of 42 (92.86%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence spyware stealer
Behaviour
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Drops file in System32 directory
Reads user/profile data of web browsers
Modifies WinLogon for persistence
Unpacked files
SHA256 hash:
c71f91be4c1bf1645867ed1d42d80f18ed71de9de1aab54d784af7679b4a59d2
MD5 hash:
62dd270c7a45183db0a73060993e2583
SHA1 hash:
637555c1d202f54aa2e3bf192217eda00046e0dc
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments