MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7f1edbadee13fa42d4ad8b0030dc5f326c942b55a29f122a8651260d7cbceb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments

SHA256 hash: e7f1edbadee13fa42d4ad8b0030dc5f326c942b55a29f122a8651260d7cbceb8
SHA3-384 hash: 170270c316c75675ba32e58f2250207b0578aee1d0cf7ebb16a2eba98d6fdfbd87b66af195324ada8c2f395d7145beae
SHA1 hash: 435516e55e04d41163b8ce206321d8eaba471112
MD5 hash: c486e97d4b2f5abbf08b01d584964f31
humanhash: uncle-earth-red-stream
File name:zeus 1_1.2.4.3.vir
Download: download sample
Signature ZeuS
File size:848'896 bytes
First seen:2020-07-19 19:44:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 69f30a624e3f9e104443e028a1df0209 (1 x ZeuS)
ssdeep 12288:PH4FWOYH7n0Q6LE6CH7FkKGKbqBVBgsbD5X2Bmm17J0GQuHEgJBJwnep7TFkzlq4:fpn7ny2Fc5B7jmn1QulLhp7T/clljUM
Threatray 173 similar samples on MalwareBazaar
TLSH D105331832395CCEF17602BBE06B5C35D4C1BAB1C7E2264B22876ADF64D0ED5D60678D
Reporter @tildedennis
Tags:ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.4.3

Intelligence


File Origin
# of uploads :
1
# of downloads :
1'317
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Kryptik
Status:
Malicious
First seen:
2012-09-13 02:25:00 UTC
AV detection:
23 of 25 (92.00%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments