MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6a8fb2eea4ebfd8d25afde9234335afca980c7c49d94ebda88db4a00c493c87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: d6a8fb2eea4ebfd8d25afde9234335afca980c7c49d94ebda88db4a00c493c87
SHA3-384 hash: 8f8a3d7d5d5d212fe1ee57c511ad695f8d3edb13490146e8d157d40bf53edec0a1d68861723f9d667cb976f0dc1725cb
SHA1 hash: 38002380c8937a25ffc93aedfd73b2eb74c42eb7
MD5 hash: d03a42dc109f4b890b3d1d0bd70e0e31
humanhash: item-iowa-failed-south
File name:gameover_0.0.0.21.vir
Download: download sample
Signature ZeuS
File size:3'768'832 bytes
First seen:2020-07-19 17:27:41 UTC
Last seen:2020-07-19 19:18:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8ede77705af1907eebe7bbbeba7d1184
ssdeep 6144:MzEz73oXBynQci5ioAIrKfN9nBawutxuKZtUIDGMgggggggggggggggggggggggE:LoXCQcLoAHN9BaxtxuWUe
TLSH 0B062A8BBA850DDEF1DD0F3E08A260AB4DB1F56C443A4AB4ABD0A18F0D9F5D6481C775
Reporter @tildedennis
Tags:gameover ZeuS


Twitter
@tildedennis
gameover version 0.0.0.21

Intelligence


File Origin
# of uploads :
2
# of downloads :
19
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2016-05-27 01:57:01 UTC
AV detection:
29 of 31 (93.55%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments