MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments

SHA256 hash: eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574
SHA3-384 hash: 962bf9607067e9e0131b96361c7e032a0955a5f78e217d27084a2f6f193c788c4200a0a9cdad03022b738720e17b54d7
SHA1 hash: d3acf4090423b15554c0f96585145ef718d084cc
MD5 hash: cb2787afad184a3aa6e43a305fd0b98b
humanhash: mobile-kilo-don-queen
File name:eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574
Download: download sample
Signature ZeuS
File size:65'024 bytes
First seen:2020-10-25 02:30:36 UTC
Last seen:2020-10-25 04:42:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f395a1e2d4735fb2899a3207d41ede4d (1 x ZeuS)
ssdeep 1536:fETG7FOpQXtAI6eg84YUrIhieOiMCEj+qNHa6:8mHXtZg849C/Ctj
Threatray 71 similar samples on MalwareBazaar
TLSH F053F20691EB9F0DD81DA0F5CD77CE3268290E35536FE979C68CDE183A484211E79B4E
Reporter @tildedennis
Tags:ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.3.4.5

Intelligence


File Origin
# of uploads :
2
# of downloads :
1'407
Origin country :
US US
Mail intelligence
Gathering data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows directory
Enabling the 'hidden' option for recently created files
Sending a UDP request
Unauthorized injection to a system process
Enabling autorun
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Changes memory attributes in foreign processes to executable or writable
Contains functionality to change the desktop window for a process (likely to hide graphical interactions)
Creates an undocumented autostart registry key
Detected unpacking (changes PE section rights)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zeus
Status:
Malicious
First seen:
2011-05-28 04:31:00 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Modifies WinLogon for persistence
Unpacked files
SH256 hash:
eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574
MD5 hash:
cb2787afad184a3aa6e43a305fd0b98b
SHA1 hash:
d3acf4090423b15554c0f96585145ef718d084cc

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments