MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d122c989fe69f0912e7fb2aa838d6eb83995c86b6986f7b9e20fbea287e91ed4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 12



SHA256 hash: d122c989fe69f0912e7fb2aa838d6eb83995c86b6986f7b9e20fbea287e91ed4
SHA3-384 hash: 966807dcdc8d7b4d6ba13a4576ba849902fc1e55c3c0b75390a84c27525e78389fc4c126eda7145fe8fb857d0ed1f9fa
SHA1 hash: edeca3d9be67fe3e643b8d0e8456c327d119b2c7
MD5 hash: b3fa9e293c8a1886076f9bcb6e418373
humanhash: finch-monkey-pennsylvania-golf
File name: d122c989fe69f0912e7fb2aa838d6eb83995c86b6986f7b9e20fbea287e91ed4.bin
Signature: ZeuS
File size: 150'016 bytes
First seen: 2023-09-29 02:06:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6af1922a02b6a44b6a0820a60299381b (1 x ZeuS)
ssdeep: 3072:t7fL6ADhJ1luf+5Di2/m7V2vVPuYK5gQFF0ZQ:RfL6AlEF7V2sYK5rL
Threatray: 57 similar samples on MalwareBazaar
TLSH: T17BE30176E550D316E3B7A132E2591CDCF23647254B85D68A352C39B3782078EA3B863F
TrID:
32.2% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
20.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
9.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: tildedennis
Tags: exe iceix ZeuS


tildedennis
iceix version 1.2.7.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 471
Origin country: US
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Gathering data
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: masquerade overlay packed zbot
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection: malicious
Classification: bank.troj.evad
Score: 92 / 100
Signature
Antivirus / Scanner detection for submitted sample
Contains VNC / remote desktop functionality (version string found)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Detected ZeusVM e-Banking Trojan
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2012-04-12 10:57:00 UTC
AV detection: 22 of 24 (91.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: evasion persistence
Behaviour
Modifies Internet Explorer settings
NTFS ADS
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Launches sc.exe
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Executes dropped EXE
Loads dropped DLL
Modifies Windows Firewall
Unpacked files
SHA256 hash: 00224a6627121433bd556bd02592b0b3a82ee49a5f257b6ec23939279a5c12f6
MD5 hash: 5be085adcb2f1ceabd715fa996b92418
SHA1 hash: 2b8b570eb9ba3708b6739657d520d0eb8e92aa6a
Detections: win_ice_ix_auto

SHA256 hash: d122c989fe69f0912e7fb2aa838d6eb83995c86b6986f7b9e20fbea287e91ed4
MD5 hash: b3fa9e293c8a1886076f9bcb6e418373
SHA1 hash: edeca3d9be67fe3e643b8d0e8456c327d119b2c7
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
