MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa3d1e0d938aea74098020ca657c0e138a88a25c267a90730cb603780621fb14. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fa3d1e0d938aea74098020ca657c0e138a88a25c267a90730cb603780621fb14
SHA3-384 hash: c3362c72e74461e23981acbd1b91b189705cacb450479513c800b6299fdf24f7b1286a16880a4e634132dbe06184d530
SHA1 hash: ccf908a46f10fd21bdd374c92941322ae29ba0d7
MD5 hash: b048524d77d04b45d39069074c5692a7
humanhash: georgia-island-fifteen-arkansas
File name:fa3d1e0d938aea74098020ca657c0e138a88a25c267a90730cb603780621fb14.bin
Download: download sample
Signature ZeuS
Create hunting rule
File size:77'824 bytes
First seen:2022-03-26 01:25:30 UTC
Last seen:2024-07-24 23:16:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:wBqYproJgcOIpQiCnIflp5lEZMX0z8h1/6vlVn5Ys:wBqY9oucOrclJOQ1GlIs
Threatray 2 similar samples on MalwareBazaar
TLSH T188737F2273B1C671C4B9C530AE4DDB29AE7A683414FD78E69E49D9833620FF2901F785
Reporter tildedennis
Tags:exe prg ZeuS


Avatar
tildedennis
prg version 10

Intelligence

File Origin
# of uploads :
3
# of downloads :
628
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/257943/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.12738033.23683.30244.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/623e6bac9253b276b772e26b/reports/7f82c990-e683-4737-878c-ea3d80c4f5dc/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Ransomware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5f2fb005-8444-4b1e-a1fc-30904c3151f4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/964985
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fa3d1e0d938aea74098020ca657c0e138a88a25c267a90730cb603780621fb14/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2017-12-20 11:33:26 UTC
File Type:
PE (Exe)
AV detection:
20 of 42 (47.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7i6r4dmtrlvhicmaedfgk7aocofiris4ez5ja4ymwybxqbrb7mka._file
Verdict:
malicious
Similar samples:
d91dd9570b91f6846291a727b5ac816e627b11cd9772a40b8dd66ba06503a585
ZeuS
d9b129c1eb6c4e4aba085a039b13d7e895938c04e2ca8e6d4afe3f8317faa96d
ZeuS
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220326-btjhqsbfak/
Unpacked files
SH256 hash:
fa3d1e0d938aea74098020ca657c0e138a88a25c267a90730cb603780621fb14
MD5 hash:
b048524d77d04b45d39069074c5692a7
SHA1 hash:
ccf908a46f10fd21bdd374c92941322ae29ba0d7
Detections:
win_gpcode_auto
Create hunting rule
Link:
https://www.unpac.me/results/7e2e85d4-43dd-4efb-97f4-5598b7521610/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/fa3d1e0d938aea74098020ca657c0e138a88a25c267a90730cb603780621fb14

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_gpcode_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.gpcode.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/prg/
Cape
Cape
https://www.capesandbox.com/analysis/257943/

Comments