MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3baf4f620bd6a65ad0bd17009869a496b7e660d97be21db920daedcf8f95868. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: ZeuS

Vendor detections: 8



SHA256 hash: d3baf4f620bd6a65ad0bd17009869a496b7e660d97be21db920daedcf8f95868
SHA3-384 hash: 22c7ab3b25ca373c282a6c7ea1eb73f48a34921a25a64baa74f0032ee7a21c46abdaa30f3e23111f721faba9cf834097
SHA1 hash: 1ce2413d9cf5bd5b59f39b4cbd49b22654eacd8f
MD5 hash: 2d87f01149e5267bde6bdf859e827c7d
humanhash: wolfram-hawaii-pasta-tennis
File name: zeus 1_1.2.4.9.vir
Signature: ZeuS
File size: 1'589'760 bytes
First seen: 2020-07-19 16:33:38 UTC
Last seen: 2020-07-19 19:09:15 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a40e50b88be57186ca8ff2babd4b7cde (1 x ZeuS)
ssdeep: 24576:g43M3MLygtxHpI+u8GRjX6oPIQia+9frWdYI+8CJ0d/nYcXn098ZN6IHb5:j3aEygtx6jXDPXinrjI+8k0d/nSU6U5
Threatray: 115 similar samples on MalwareBazaar
TLSH: A2753307B8449D92C26B36FBBFFF45B2CA69E2161113D5A8675BE4104C4B4AAF3CE4C1
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter (@tildedennis): zeus 1 version 1.2.4.9

Intelligence


File Origin
# of uploads: 4
# of downloads: 64
Origin country: US

Mail intelligence
No data

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Sending a custom TCP request
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2015-07-20 08:14:30 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour:
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Drops file in System32 directory
Modifies WinLogon for persistence

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments