MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f831d088c3a64b06843d970337f1c8877c9c1988d56720a7dee9d67efeaf78f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f831d088c3a64b06843d970337f1c8877c9c1988d56720a7dee9d67efeaf78f0
SHA3-384 hash: 0dc01039296cc57cd48d0d1ad9a9428beeb1e2b83a9089b704c647cf798eded988d0afc3b6899558dfebaa64ebb2d919
SHA1 hash: 91a27477c847ebf9ef3e2cb34e0bc93e323f449d
MD5 hash: 0ad89e86b34a226ff2a3042103afc7f1
humanhash: river-one-fillet-fish
File name:0ad89e86b34a226ff2a3042103afc7f1.bin
Download: download sample
Signature ZeuS
Create hunting rule
File size:96'256 bytes
First seen:2022-07-09 01:59:47 UTC
Last seen:2022-07-09 02:30:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6ef02dd1adb61f4fee262f301b547fa3 (1 x ZeuS)
ssdeep 1536:uxDWt8Z1R4ayClVUbHTcM7Y62lO+5FZyoaGSMCDjTyF1ac9OtRHhmV:+Wt8ZIalVQzccKO+5FqBIItRAV
Threatray 118 similar samples on MalwareBazaar
TLSH T18693021941C6B4ABEAA44BF71BB5F117302413A14FB246E259A76E3FCF793CE0294349
TrID 32.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
28.9% (.EXE) Win32 Executable (generic) (4505/5/1)
13.0% (.EXE) OS/2 Executable (generic) (2029/13)
12.8% (.EXE) Generic Win/DOS Executable (2002/3)
12.8% (.EXE) DOS Executable Generic (2000/1)
Reporter tildedennis
Tags:exe ZeuS zitmo


Avatar
tildedennis
zitmo version 2.0.8.0

Intelligence

File Origin
# of uploads :
2
# of downloads :
614
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/285740/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Panda.517.4223.19679.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/24673/overview
Behaviour
MalwareBazaar
CheckNumberOfProcessor
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/62c8e125783441cda119c451/reports/adb6145c-92a9-42a9-8cff-c076d403c98d/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Zeus
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/da120542-8a39-4297-abda-15dda204f55d
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1027621
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found evasive API chain (may stop execution after checking mutex)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f831d088c3a64b06843d970337f1c8877c9c1988d56720a7dee9d67efeaf78f0/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2011-06-10 23:15:00 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
24 of 25 (96.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7ay5bcgduzfqnbb5s4btp4oiq56jygmi2vtsbj665hlh57vppdya._file
Verdict:
malicious
Similar samples:
06a0b2c3fc763506f6340dc4f582f7980378f7ededfb807541afeeca0499d8cd
ZeuS
0a98d7b4d1079a8819a6bd0898de2e00a5598c1e5233aa095bea36a18353b4bb
ZeuS
384b428ee37172b35609f98978087a5769a3f80f18e570b117daf86f92d571de
ZeuS
4763270a84a8a6d756eaf4b5d9ed3b6a0e9e254c682f075a5338247dca3403a3
ZeuS
9cd8955eea9a9bdadff4a4b0a05d95d3a88aadfdcb003560a524f2b0f58fdce8
ZeuS
a3acf9fe9ff9fe3ddd9f458a45e6eace5542f758ff7b6fa25552a88cea85304b
ZeuS
a528a64239d8092885fab758be0c7307ada3173b8c9039b10e8a713f9d7e16c1
ZeuS
be8703a1df11cbc97e900ed1d88fe5b37501083595912f9b6844e8dcf4299d9d
ZeuS
e0f986f757f76ddb07e207943416c63ea8d26149fbf06c6d76eb892439d15346
ZeuS
f25dbbf0fa848086e454d05017af1157fe267fc7d7901ca23c0be8bee549426b
ZeuS
+ 108 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/220709-cez3lsdfh3/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
00c683dffbf9f5f340dffc076db4a980ba0ced6fb4b1796856945705a4fd2b80
MD5 hash:
d2feaa53322bba25c566d0f88f9cfac3
SHA1 hash:
8c741b433d916440d6f2a4a7b92deff5c5d2008b
Link:
https://www.unpac.me/results/b506e36c-ee88-4477-960b-d40aff08e22b/
SH256 hash:
f831d088c3a64b06843d970337f1c8877c9c1988d56720a7dee9d67efeaf78f0
MD5 hash:
0ad89e86b34a226ff2a3042103afc7f1
SHA1 hash:
91a27477c847ebf9ef3e2cb34e0bc93e323f449d
Link:
https://www.unpac.me/results/b506e36c-ee88-4477-960b-d40aff08e22b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Zbot
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/f831d088c3a64b06843d970337f1c8877c9c1988d56720a7dee9d67efeaf78f0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/zitmo/
Cape
Cape
https://www.capesandbox.com/analysis/285740/

Comments