MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3baf4f620bd6a65ad0bd17009869a496b7e660d97be21db920daedcf8f95868. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d3baf4f620bd6a65ad0bd17009869a496b7e660d97be21db920daedcf8f95868
SHA3-384 hash: 22c7ab3b25ca373c282a6c7ea1eb73f48a34921a25a64baa74f0032ee7a21c46abdaa30f3e23111f721faba9cf834097
SHA1 hash: 1ce2413d9cf5bd5b59f39b4cbd49b22654eacd8f
MD5 hash: 2d87f01149e5267bde6bdf859e827c7d
humanhash: wolfram-hawaii-pasta-tennis
File name: zeus 1_1.2.4.9.vir
Signature: ZeuS
File size: 1'589'760 bytes
First seen: 2020-07-19 16:33:38 UTC
Last seen: 2020-07-19 19:09:15 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a40e50b88be57186ca8ff2babd4b7cde
ssdeep: 24576:g43M3MLygtxHpI+u8GRjX6oPIQia+9frWdYI+8CJ0d/nYcXn098ZN6IHb5:j3aEygtx6jXDPXinrjI+8k0d/nSU6U5
TLSH: A2753307B8449D92C26B36FBBFFF45B2CA69E2161113D5A8675BE4104C4B4AAF3CE4C1
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.4.9

Intelligence


File Origin
# of uploads: 4
# of downloads: 17
Origin country: US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2015-07-20 08:14:30 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Drops file in System32 directory
Modifies WinLogon for persistence
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments