MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c980ee1107a12c2da7f71e10b3808e1c60481b1eb9d253ca3b387e5cb246ab50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

VMZeuS

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	c980ee1107a12c2da7f71e10b3808e1c60481b1eb9d253ca3b387e5cb246ab50
SHA3-384 hash:	cb8e6c1755b037e519589c3ac26f07e91213023629810a525879a54f23b41fa84c533d0ae5f7695cab00499a17b78210
SHA1 hash:	4bae603e24ac042402555fdaefaecd5bfd8883bc
MD5 hash:	fac741d0618b82cdf7c41c89cffdb19e
humanhash:	bakerloo-zulu-three-cup
File name:	client32.bin
Download:	download sample
Signature	VMZeuS Create hunting rule
File size:	140'800 bytes
First seen:	2021-03-03 15:14:23 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1c2489367a741a394ef5f46c06397c1b (2 x VMZeuS, 1 x ZeuS)
ssdeep	3072:/caqyte6nV77snHLLxtXyaXOqdPNbnhW4IxZx5kCZuubFrhU1wKKrONm:/caBtJ77snHRAY7PNNW4IxZ7zbC0rONm
Threatray	127 similar samples on MalwareBazaar
TLSH	2CD3AF677480A0B2C5A73671AEA9B36523FFDD3427389C83E3980D6925B1893771E347
Reporter	JAMESWT_WT
Tags:	vmzeus

Intelligence

File Origin

# of uploads :

# of downloads :

101

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

ZeuS_Botnet_2.0.8.9.rar

Verdict:

Malicious activity

Analysis date:

2020-12-11 08:40:13 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/34f1c703-8034-4296-8556-a81067cf0cac

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/121348/

Detection(s):

Win.Spyware.Zbot-1275

Win.Trojan.Zeus-6412294-0

Win.Trojan.Zbot-45091

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

ZeusVM

Detection:

malicious

Classification:

bank.troj

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/626136

Signature

Antivirus / Scanner detection for submitted sample

Contains VNC / remote desktop functionality (version string found)

Detected ZeusVM e-Banking Trojan

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c980ee1107a12c2da7f71e10b3808e1c60481b1eb9d253ca3b387e5cb246ab50/

Threat name:

Win32.Trojan.Zeus

Status:

Malicious

First seen:

2011-06-30 22:25:00 UTC

File Type:

PE (Exe)

AV detection:

47 of 48 (97.92%)

Threat level:

5/5

Verdict:

malicious

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210303-91h2959232/

Unpacked files

SH256 hash:

c980ee1107a12c2da7f71e10b3808e1c60481b1eb9d253ca3b387e5cb246ab50

MD5 hash:

fac741d0618b82cdf7c41c89cffdb19e

SHA1 hash:

4bae603e24ac042402555fdaefaecd5bfd8883bc

Detections:

win_zeus_auto

Link:

https://www.unpac.me/results/c026a8f0-327b-413e-bafc-8bc172da7f03/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Spyeye

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c980ee1107a12c2da7f71e10b3808e1c60481b1eb9d253ca3b387e5cb246ab50

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/121348/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample