MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d83e3f5b248bc0b1676bb081cd50e8df0dd600f4b9253465aa6ed63f263cfd19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 6



SHA256 hash: d83e3f5b248bc0b1676bb081cd50e8df0dd600f4b9253465aa6ed63f263cfd19
SHA3-384 hash: 100e55aee431b9fa3e73199fd78672ce4a035ffcbb634dd35945ca38d974cdafc0b3bc4b62a350909f88790743760fc8
SHA1 hash: 8750c27c58467b1c05e9912ce80ecce524ff3c38
MD5 hash: 2a4f55e3cee56751331314b2357bac87
humanhash: helium-nebraska-twelve-stairway
File name: d83e3f5b248bc0b1676bb081cd50e8df0dd600f4b9253465aa6ed63f263cfd19
Signature: ZeuS
File size: 307'525 bytes
First seen: 2020-06-29 07:28:34 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b40f29cd171eb54c01b1dd2683c9c26b (1 x ZeuS, 1 x Pony)
ssdeep: 6144:0Fay4JR4GMcIvfflZhpRj9OmVfuiUws9HPyH1q:M4M9fPlZhXJFVfPUnsq
Threatray: 133 similar samples on MalwareBazaar
TLSH: 1A6413A415FE8453E78BDEB11AAE2B31D3F5B228651D8786BB141FBA2C515C3F2143C2
Reporter: @JAMESWT_MHT
Tags: ZeuS

Intelligence


File Origin
# of uploads: 1
# of downloads: 101
Origin country: IT
Mail intelligence
No data
Vendor Threat Intelligence
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2013-09-05 03:26:00 UTC
File Type: PE (Exe)
Extracted files: 3
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
NSIS installer
Suspicious use of SetThreadContext
Adds Run entry to start application
Loads dropped DLL
Deletes itself
Executes dropped EXE

File information


The table below shows additional information about this malware sample such as delivery method and external references.
