MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f06047b09abc77529969c5949deda36ff154539d1b9ed8942c22fbb307d8aac9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


VMZeuS


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f06047b09abc77529969c5949deda36ff154539d1b9ed8942c22fbb307d8aac9
SHA3-384 hash: e364819ffb37aa82aa0e3e9c49c51ebf34862eb85c1077dd7f7ff32b2a866460d25a8f58142757fa6788612fdd930072
SHA1 hash: f107596acaa9e7a0916a46a68db923e3ab228be1
MD5 hash: a0173bd7d459e734f3417e40e612bb0c
humanhash: indigo-butter-ohio-wyoming
File name:uncategorized_1.2.0.1.vir
Download: download sample
Signature VMZeuS
Create hunting rule
File size:311'296 bytes
First seen:2020-07-19 17:32:27 UTC
Last seen:2020-07-19 19:19:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1d1e60fec5749d15748d2db9f025d80a (1 x VMZeuS)
ssdeep 6144:1aT/ocZ3Q9RZDYGjShebqUyrfQ0bhj/aS4n6IlKrgqQUHYd6tkPx:U/oMyRZDnFbYrjbUS4mgqbHYd6qPx
Threatray 131 similar samples on MalwareBazaar
TLSH B66439C6BFA7D889F28240703225E7B5341678317865DA0AF2C56FA5B1242EE58DFF07
Reporter tildedennis
Tags:uncategorized vmzeus


Avatar
tildedennis
uncategorized version 1.2.0.1

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Zeus
Create hunting rule
Link:
https://www.capesandbox.com/analysis/28022/
Detection(s):
SecuriteInfo.com.PSW.Generic9.ASID.17602.28879.21516.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Launching the default Windows debugger (dwwin.exe)
Sending a TCP request to an infection source
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f06047b09abc77529969c5949deda36ff154539d1b9ed8942c22fbb307d8aac9/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2011-11-30 13:32:00 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0a98d7b4d1079a8819a6bd0898de2e00a5598c1e5233aa095bea36a18353b4bb
VMZeuS
1f3842bc152088bc10de6e14adabf860902dee318375a6567e0b85a9faaed1f0
VMZeuS
233e70b105e8fe2f1e9a41b68f380359c8666cea3d9d587ec2ec823cdda2a330
VMZeuS
2fa19780fb5e238d3ac3491b18e2c795d0a4cc31d5c03c9b4a727613397c23e5
VMZeuS
37259fff5937e8c92679a70cff7fc4b81043451ce705c982398865b17c7fd2a5
VMZeuS
3ee04e378f6430e85f5756093e80b243c2ebbcb9f2ee77cc32acd1cd9e333301
VMZeuS
5c3bde59fa48471670841beba658fc9cfe707fac64b4b7f8446dd51a7706d133
VMZeuS
61b0aa94dc56585b7255398cd755e9db6fedd5b06ebca386b2dc5fddc8cf5478
VMZeuS
d1c4be3772ebe6d26f06e3e38ae667c3236e1f13658e652eed0aa14dac5f45f0
VMZeuS
e4cd3a3bbf851aea2645ff32eeb8fbe177b79bf8149737c52acb413b2ff13eb6
VMZeuS
+ 121 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/200719-595n92qtre/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Drops autorun.inf file
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Drops autorun.inf file
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f06047b09abc77529969c5949deda36ff154539d1b9ed8942c22fbb307d8aac9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/uncategorized/
Cape
Cape
https://www.capesandbox.com/analysis/28022/

Comments