MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e9c72773235196502fbbb9eb387351945503ce887cd1d873b70b2a92e3a913a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	e9c72773235196502fbbb9eb387351945503ce887cd1d873b70b2a92e3a913a2
SHA3-384 hash:	faf590b8070fc15d30edbeb0bbe74dfe1e3d9510d6908f8146a54c5c22e6a98ab3b657386ef55dde29809bb83815bee2
SHA1 hash:	cee3c0f23fd194ee14ba03cd88526346d16d58e2
MD5 hash:	36d91d4eb7ec4a756d48662895c46b45
humanhash:	solar-fix-black-zulu
File name:	evolution_2.0.9.4.vir
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	180'000 bytes
First seen:	2020-07-19 17:34:10 UTC
Last seen:	2020-07-19 19:20:10 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	2e90e5076f1db4bfc9662a91732393ed (1 x ZeuS)
ssdeep	3072:jkpiklTKN0d8N0msn8V41WNMuRl9PGZDZOmwq2PVORZFZqBEE2CZZsvxhCbkB:Ynp20I4cNxTxGZdJwqkgRZFZq32ysvGs
Threatray	111 similar samples on MalwareBazaar
TLSH	210412D0F8633491FF26A476C3F61FBAC26A9816BC244F4BD751A830EAC3A749C32555
Reporter	@tildedennis
Tags:	evolution ZeuS

@tildedennis

evolution version 2.0.9.4

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Mail intelligence

No data

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28032/

Detection(s):

Win.Trojan.Fareit-7133083-0

Win.Trojan.Xtreme-245

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Connection attempt to an infection source

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/390070

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e9c72773235196502fbbb9eb387351945503ce887cd1d873b70b2a92e3a913a2/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2013-04-03 08:42:00 UTC

AV detection:

26 of 31 (83.87%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/200719-m6elv8atrn/

Behaviour

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Adds Run key to start application

Loads dropped DLL

Deletes itself

Executes dropped EXE

AV coverage:

84.06%

AV detections:

58 / 69

Link:

https://www.virustotal.com/gui/file/e9c72773235196502fbbb9eb387351945503ce887cd1d873b70b2a92e3a913a2/detection/f-e9c72773235196502fbbb9eb387351945503ce887cd1d873b70b2a92e3a913a2-1582177376

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e9c72773235196502fbbb9eb387351945503ce887cd1d873b70b2a92e3a913a2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/evolution/

Cape

https://www.capesandbox.com/analysis/28032/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample