MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca2ab2eb8249afceb6b9f42bac54fe8635fb5ccbf4e497c35ed700d9dae1c2d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 11

SHA256 hash: ca2ab2eb8249afceb6b9f42bac54fe8635fb5ccbf4e497c35ed700d9dae1c2d1
SHA3-384 hash: af7dc9f9aae0da7b156ce0de65284c8072faf7140e00739af880a9ad83746e9004a0908713cec95c85d53f579f8326ce
SHA1 hash: b4b4772d485d7d4192774aca3a9c594f82717adb
MD5 hash: 9babe52f985b2b4193113d5c260eb195
humanhash: beer-friend-butter-leopard
File name: ca2ab2eb8249afceb6b9f42bac54fe8635fb5ccbf4e497c35ed700d9dae1c2d1
Signature: ZeuS
File size: 130'560 bytes
First seen: 2021-03-20 13:06:28 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d2d0d8d094caedbfe934e30be29bea57 (1 x ZeuS)
ssdeep: 3072:WhBFnGu6BYxbu75pZlgpXor85hfuHwhxqn9fI2uW+It:WhHGzK475pUpXiwgxExIt
Threatray: 83 similar samples on MalwareBazaar
TLSH: 4BD302676777ED01F57A073702721A4B299B2B0EA4D1ACE713B1F2807A7124B741273B
Reporter: @tildedennis
Tags: unnamed 9


Twitter
@tildedennis
unnamed 9 version 2.0.9.154

Intelligence

File Origin
# of uploads: 1
# of downloads: 284
Origin country: FR

Mail intelligence
No data

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: ca2ab2eb8249afceb6b9f42bac54fe8635fb5ccbf4e497c35ed700d9dae1c2d1
Verdict: Malicious activity
Analysis date: 2021-03-20 13:10:03 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 76 / 100
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2012-09-08 05:00:00 UTC
AV detection: 22 of 25 (88.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour
Modifies Internet Explorer settings
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash: 9bae8698d98d22eb7043f34f1686be76997a66078ca743812c0b58877d02810e
MD5 hash: 30ec48714670d8bab4d31358a72f171c
SHA1 hash: 49a5a618bf6d41cc1123a033d225ef5b1dc2e1b1

SHA256 hash: ca2ab2eb8249afceb6b9f42bac54fe8635fb5ccbf4e497c35ed700d9dae1c2d1
MD5 hash: 9babe52f985b2b4193113d5c260eb195
SHA1 hash: b4b4772d485d7d4192774aca3a9c594f82717adb

File information


The table below shows additional information about this malware sample such as delivery method and external references.