MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f797a6431426ff04d0640dc3ae0aa4db3f0232d5d0cef3b7df9cd05da5d3acdb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 7



SHA256 hash: f797a6431426ff04d0640dc3ae0aa4db3f0232d5d0cef3b7df9cd05da5d3acdb
SHA3-384 hash: 1c6b0cccd92937bac161ca8b57333aea26bcc1766be64ba5f1bcf57dc3848195ea7ee429d786441cc1bb913316709e38
SHA1 hash: 1c8d7676a6266c354734399b7e15cf293fcf1ee0
MD5 hash: eeccb8ea9937e00358b11af24b5eeee4
humanhash: four-october-magnesium-south
File name: zeus 1_1.2.7.18.vir
Signature: ZeuS
File size: 242'176 bytes
First seen: 2020-07-19 19:23:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8f0f096a10efde023c45ab463a49d60c (1 x ZeuS)
ssdeep: 6144:C3RMBtOcUWpDsPbVNT98atvCZnHhfu+wdBoZ:/BtOZWpDsXT9tqhf4B2
Threatray: 100 similar samples on MalwareBazaar
TLSH: 393412D2B43C0CFBE3D667752CA46B0A9B62994206E3A1510CE0E74F9D8DBC9059CF97
Reporter: @tildedennis
Tags: zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.7.18

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2014-04-07 01:42:00 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Drops file in System32 directory
Modifies WinLogon for persistence

File information


The table below shows additional information about this malware sample such as delivery method and external references.
