MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f10634d37d3220faafddb7f5078cac8f2b6ed2a472ad68ff4b66e73908eb0706. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: f10634d37d3220faafddb7f5078cac8f2b6ed2a472ad68ff4b66e73908eb0706
SHA3-384 hash: 88bf85e720f5b4c0663342141a3f7b41f4cef969068ea447d95309b0a35d40aac3339f5d96065d1128951bac8c1b4ca0
SHA1 hash: 0e640b1c49de1eeab7edb68cc238fb76295bccf0
MD5 hash: 79a3c92e95423905cd5fce2d2779c4c9
humanhash: maryland-neptune-lithium-bakerloo
File name: zeus 1_1.2.1.9.vir
Signature: ZeuS
File size: 787'968 bytes
First seen: 2020-07-19 19:24:17 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 085840402f7f1462866867bce0b385cb
ssdeep: 24576:td5NM/nDTCWfXKWRsCvrpffhfdKBjWbPGiaA:1N8nDTCWf6WNvrpVaybPT
TLSH: 74F4235DB5C436C5CF74EA360DECF5D3D3A6B45F7824E2A20C46994B8560B422CB1BE1
Reporter: @tildedennis
Tags: ZeuS zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.1.9

Intelligence


File Origin
# of uploads: 1
# of downloads: 17
Origin country: US
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Spyware.Zbot
Status: Malicious
First seen: 2011-05-29 14:02:00 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.
