MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9b129c1eb6c4e4aba085a039b13d7e895938c04e2ca8e6d4afe3f8317faa96d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d9b129c1eb6c4e4aba085a039b13d7e895938c04e2ca8e6d4afe3f8317faa96d
SHA3-384 hash: 7a0fcb244864da42aa77c57b62282e2a60cd827cc62c6d3b2688545dab91ceafd77881ee4377bb54d9429b6c6b14af26
SHA1 hash: 61dbc7e9c3df2657a50e833506b546314724532d
MD5 hash: 79d9868a2769e6174f34bfa692949f4f
humanhash: alaska-helium-finch-carolina
File name:79d9868a2769e6174f34bfa692949f4f.bin
Download: download sample
Signature ZeuS
Create hunting rule
File size:387'232 bytes
First seen:2022-03-10 02:24:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 368db323dcfc70861e0aa3f7ea0217f8 (1 x ZeuS)
ssdeep 6144:6BmG9HJbeXswbKPdMM05hPtyPdVptNPpFalqqbhIKE4m3vsI/4zeQQD5W9:6zJbeXlGdd05h0ltZpFGbh4N3vsI/chj
Threatray 2 similar samples on MalwareBazaar
TLSH T15C8412C333EE1AEBF1B246719920A91543E6F82404770CBAA1F40AC98FD5D55B14B6FB
Reporter tildedennis
Tags:exe prg ZeuS


Avatar
tildedennis
prg version 29

Intelligence

File Origin
# of uploads :
1
# of downloads :
654
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Zeus
Create hunting rule
Link:
https://www.capesandbox.com/analysis/248957/
Detection(s):
Win.Malware.Zeus-9785249-1
Create hunting rule

Win.Trojan.Zbot-45937
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a file in the Windows subdirectories
Sending a custom TCP request
Unauthorized injection to a system process
Enabling autorun
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/8838/overview
Behaviour
MalwareBazaar
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm evasive greyware overlay packed
Link:
https://www.filescan.io/uploads/62296182dfdfa8501c83af0f/reports/b20a54a5-88e8-4d3c-95a0-cea000c07fc2/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Ransomware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4dd0e461-68ca-4d53-801b-846f55347e0a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/953872
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Changes memory attributes in foreign processes to executable or writable
Creates an undocumented autostart registry key
Found evasive API chain (may stop execution after checking mutex)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d9b129c1eb6c4e4aba085a039b13d7e895938c04e2ca8e6d4afe3f8317faa96d/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2012-05-28 16:21:00 UTC
AV detection:
25 of 25 (100.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
cb484f57d79564c8f7b685c7c7c578c4eaf5ca29e8616fd80f633fe7f9c75b58
ZeuS
d91dd9570b91f6846291a727b5ac816e627b11cd9772a40b8dd66ba06503a585
ZeuS
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence upx
Link:
https://tria.ge/reports/220310-cwa5tafgfn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in System32 directory
UPX packed file
Modifies WinLogon for persistence
Unpacked files
SH256 hash:
d9b129c1eb6c4e4aba085a039b13d7e895938c04e2ca8e6d4afe3f8317faa96d
MD5 hash:
79d9868a2769e6174f34bfa692949f4f
SHA1 hash:
61dbc7e9c3df2657a50e833506b546314724532d
Link:
https://www.unpac.me/results/da42420d-d854-4e59-8b7b-5886da2e9e48/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/d9b129c1eb6c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Zbot
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/d9b129c1eb6c4e4aba085a039b13d7e895938c04e2ca8e6d4afe3f8317faa96d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/prg/
Cape
Cape
https://www.capesandbox.com/analysis/248957/

Comments