MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574
SHA3-384 hash: 962bf9607067e9e0131b96361c7e032a0955a5f78e217d27084a2f6f193c788c4200a0a9cdad03022b738720e17b54d7
SHA1 hash: d3acf4090423b15554c0f96585145ef718d084cc
MD5 hash: cb2787afad184a3aa6e43a305fd0b98b
humanhash: mobile-kilo-don-queen
File name:eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574
Download: download sample
Signature ZeuS
Create hunting rule
File size:65'024 bytes
First seen:2020-10-25 02:30:36 UTC
Last seen:2020-10-25 04:42:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f395a1e2d4735fb2899a3207d41ede4d (1 x ZeuS)
ssdeep 1536:fETG7FOpQXtAI6eg84YUrIhieOiMCEj+qNHa6:8mHXtZg849C/Ctj
Threatray 71 similar samples on MalwareBazaar
TLSH F053F20691EB9F0DD81DA0F5CD77CE3268290E35536FE979C68CDE183A484211E79B4E
Reporter tildedennis
Tags:ZeuS zeus 1


Avatar
tildedennis
zeus 1 version 1.3.4.5

Intelligence

File Origin
# of uploads :
2
# of downloads :
1'532
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/75319/
Detection(s):
SecuriteInfo.com.Trojan.Webmoner.60984.3483.30698.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows directory
Enabling the 'hidden' option for recently created files
Sending a UDP request
Unauthorized injection to a system process
Enabling autorun
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/508859
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Changes memory attributes in foreign processes to executable or writable
Contains functionality to change the desktop window for a process (likely to hide graphical interactions)
Creates an undocumented autostart registry key
Detected unpacking (changes PE section rights)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2011-05-28 04:31:00 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=52tagdlrekgropfaicztmjivda2jihjgavitxqexwl2vhlij4v2a._file
Verdict:
malicious
Similar samples:
05a75635bc6db83ea1ecce6c0572e829db450fbffaae71ed74c51ac867ac2339
ZeuS
1283285b7d4791bacfcbd29c8d579785b75a636d1e1866d8219600a353bb8973
ZeuS
2f2d9760aa86fa4b197c2dcbb361c85cbb63a40a8c7049a561fa720f67a9bb87
ZeuS
4549a428260ba0c60e1f59e1b30e5198df946baf93ecd037cf657c11d2d62dfd
ZeuS
82319c80d10c34816d768582c48cccc4ed0a8e78d4b6760777aedf8fed2f1720
ZeuS
a32036a66a060f3592f621d1181683d2d07682815f43dbeffef771bb50776ee4
ZeuS
aa8c776ec59e6c777b178a2836c5c20c9cb3e89155b4044c3b96dc1599c3695b
ZeuS
e010738373d6fa1832f5227678c375950c95ae9a9cd92f8afa0b5dd3d77e796d
ZeuS
ef82875918958a6a376fe6bf6562b136ebd61b816b34d4318b6aa4e150fa510c
ZeuS
f46d61129fce27a1da5e4c47d3b7e515cb101878722f57f515df14b061e13af1
ZeuS
+ 61 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/201025-thml4m2rfx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Modifies WinLogon for persistence
Unpacked files
SH256 hash:
eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574
MD5 hash:
cb2787afad184a3aa6e43a305fd0b98b
SHA1 hash:
d3acf4090423b15554c0f96585145ef718d084cc
Link:
https://www.unpac.me/results/5c4e83f7-3c4e-4bbc-a563-20e6d5c82925/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Wsnpoem
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/zeus 1/
Cape
Cape
https://www.capesandbox.com/analysis/75319/

Comments