MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f797a6431426ff04d0640dc3ae0aa4db3f0232d5d0cef3b7df9cd05da5d3acdb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: f797a6431426ff04d0640dc3ae0aa4db3f0232d5d0cef3b7df9cd05da5d3acdb
SHA3-384 hash: 1c6b0cccd92937bac161ca8b57333aea26bcc1766be64ba5f1bcf57dc3848195ea7ee429d786441cc1bb913316709e38
SHA1 hash: 1c8d7676a6266c354734399b7e15cf293fcf1ee0
MD5 hash: eeccb8ea9937e00358b11af24b5eeee4
humanhash: four-october-magnesium-south
File name:zeus 1_1.2.7.18.vir
Download: download sample
Signature ZeuS
File size:242'176 bytes
First seen:2020-07-19 19:23:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8f0f096a10efde023c45ab463a49d60c
ssdeep 6144:C3RMBtOcUWpDsPbVNT98atvCZnHhfu+wdBoZ:/BtOZWpDsXT9tqhf4B2
TLSH 393412D2B43C0CFBE3D667752CA46B0A9B62994206E3A1510CE0E74F9D8DBC9059CF97
Reporter @tildedennis
Tags:zeus 1


Twitter
@tildedennis
zeus 1 version 1.2.7.18

Intelligence


File Origin
# of uploads :
1
# of downloads :
17
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2014-04-07 01:42:00 UTC
AV detection:
30 of 31 (96.77%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Drops file in System32 directory
Modifies WinLogon for persistence
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments