MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0af7b536a1c1c74e6ea269ea8cebcf63f5f159f7b971c716650eeba021b7bac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



VMZeuS


Vendor detections: 6



SHA256 hash: e0af7b536a1c1c74e6ea269ea8cebcf63f5f159f7b971c716650eeba021b7bac
SHA3-384 hash: 303b7a0ceab0af60b7af9b3ce8d3fac4e0a51b64a77935c9c475227b5465496f2a58ad4046e95fb6b12c5fe49eee6fd1
SHA1 hash: 92193a80b759a0294479e46340ecd0633c457f24
MD5 hash: 73090c0a77b3871af285f1e064784093
humanhash: lima-neptune-johnny-paris
File name: e0af7b536a1c1c74e6ea269ea8cebcf63f5f159f7b971c716650eeba021b7bac
Signature: VMZeuS
File size: 147'456 bytes
First seen: 2020-08-30 13:23:33 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 305cf7cfd44ef242fe4c58eb0725abed (1 x VMZeuS)
ssdeep: 3072:BcLK3Jo+ZwzjCmAoOwA+VLB3w08miB1bSWeA7kIWBJG+dUUqxYkk8JO:ST+2od+VLhw08miB1WW3ZEWRbO
Threatray: 2 similar samples on MalwareBazaar
TLSH: 68E3F1506A320666C0F0B3BADE49174ADB2FDAC578C5D38F1D6363EA34CD6CF6216285
Reporter: tildedennis
Tags: unnamed 4


tildedennis
unnamed 4 version 1.7.0.1

Intelligence


File Origin
# of uploads: 1
# of downloads: 118
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Detection: malicious
Classification: bank.troj.evad
Score: 96 / 100
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to detect virtual machines (IN, VMware)
Contains VNC / remote desktop functionality (version string found)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Detected ZeusVM e-Banking Trojan
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2011-10-17 00:53:00 UTC
AV detection: 25 of 25 (100.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 4/10
Tags: n/a
Behaviour
Runs net.exe
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments