MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253
SHA3-384 hash:	809b954ab217ea8a1e81feb3b9194497cd6d21668299c4b1c41d24f2b0941aca64935e79e32312530888904c469bfa68
SHA1 hash:	6a7492a26d0a16320daa2cb187232fc0053f4f5f
MD5 hash:	8ba293749c97cbf48f30f02c66d3406d
humanhash:	victor-hot-friend-alpha
File name:	e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	225'792 bytes
First seen:	2021-08-02 19:03:23 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0f16db1e18559cc080852e2e8fd0038e (1 x ZeuS)
ssdeep	6144:ERAL6uxQIBpPnki+81Rnn1BgUUhgmfwgA3Bfdw+:z4MT+81RnnHLUhgrL3tdw+
Threatray	139 similar samples on MalwareBazaar
TLSH	T13B24E1D7FC60841BE28E84BE2925174C62A7ADF0AFE59103BB8477A97E727114C2F705
dhash icon	0000000000000000 (147 x AgentTesla, 129 x Heodo, 125 x Formbook)
Reporter	@tildedennis
Tags:	exe uncategorized ZeuS

@tildedennis

uncategorized version 4.0.0.1

Intelligence

File Origin

# of uploads :

# of downloads :

832

Origin country :

Mail intelligence

No data

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253

Verdict:

Malicious activity

Analysis date:

2021-08-02 19:06:26 UTC

Tags:

trojan

Link:

https://app.any.run/tasks/fc0c0280-24e4-49a6-904a-b7ba7744eabe

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/175871/

Detection(s):

Win.Spyware.Zbot-13674

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a file in the %temp% directory

Unauthorized injection to a recently created process

Deleting a recently created file

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Zeus

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/14e4b474-057e-44b7-b8f0-53a7adbacda3

Result

Threat name:

ZeusVM

Detection:

malicious

Classification:

bank.troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/825709

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Contain functionality to detect virtual machines

Contains functionality to inject code into remote processes

Contains VNC / remote desktop functionality (version string found)

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Detected ZeusVM e-Banking Trojan

Injects a PE file into a foreign processes

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253/

Threat name:

Win32.Trojan.Zeus

Status:

Malicious

First seen:

2011-10-04 22:05:00 UTC

AV detection:

23 of 25 (92.00%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

10/10

Tags:

persistence suricata

Link:

https://tria.ge/reports/210802-mb3ws1dgre/

Behaviour

Modifies Internet Explorer settings

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Adds Run key to start application

Deletes itself

Loads dropped DLL

Executes dropped EXE

suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 131.253.18.11-12

Unpacked files

SH256 hash:

2606aaad60af13fd07e98cf1e288dd183ddaedb374027d465e4771acfdb6028b

MD5 hash:

02200202118b5c6e724c2966bfb3db4f

SHA1 hash:

5a670d5adfe118b7c1c4952174789afd4919b9fe

Link:

https://www.unpac.me/results/802bb489-7ec4-4393-8eff-4666964d49a4/

SH256 hash:

2afd890122bba0eed6193476d04266b4a5b7a4de53cb514bd9eaf4243d9fc973

MD5 hash:

79460e0544e0dffe86dd51bba404a2d3

SHA1 hash:

ed294e22259f0de6bac6dd7a701b19b3cdcda900

Link:

https://www.unpac.me/results/802bb489-7ec4-4393-8eff-4666964d49a4/

SH256 hash:

b43aec5fde7d789ea60396e83b63822180bfda5b63fb4a44255bd2493ecdfc72

MD5 hash:

5333686b779fc42906f325fd44c823ee

SHA1 hash:

3e813ff649f42e04cfdc0b1433df382c62aebce5

Link:

https://www.unpac.me/results/802bb489-7ec4-4393-8eff-4666964d49a4/

SH256 hash:

e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253

MD5 hash:

8ba293749c97cbf48f30f02c66d3406d

SHA1 hash:

6a7492a26d0a16320daa2cb187232fc0053f4f5f

Link:

https://www.unpac.me/results/802bb489-7ec4-4393-8eff-4666964d49a4/

AV coverage:

81.16%

AV detections:

56 / 69

Link:

https://www.virustotal.com/gui/file/e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253/detection/f-e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253-1537906160

Threat name:

Zbot

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/uncategorized/

Cape

https://www.capesandbox.com/analysis/175871/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample