MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdaba3f0e49475409607ec915599d216ef30351eb34e6c52716a74921285c994. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments

SHA256 hash: fdaba3f0e49475409607ec915599d216ef30351eb34e6c52716a74921285c994
SHA3-384 hash: 41a0a8ab1f67587269d983032537a1015da15695fead768c89ab9d318dd2e03077e6bf44f2d9743e9de801c975144c1e
SHA1 hash: 5f69352894ed9a03ad1aac338605e823802545ee
MD5 hash: b4bd8726c7a17ed5d3e99069a8e5872c
humanhash: equal-two-earth-earth
File name:fdaba3f0e49475409607ec915599d216ef30351eb34e6c52716a74921285c994
Download: download sample
Signature ZeuS
File size:141'824 bytes
First seen:2021-03-28 01:39:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 28e141e08402af84d2753cccce4d826e (1 x ZeuS)
ssdeep 3072:nQuqviK2I7eGKyQCYxyoAIdA71BSFR5JD3AIP2+MDxIQeo:n9qKKFeG5oAPhBSFbJD3VPZQv
Threatray 131 similar samples on MalwareBazaar
TLSH B5D3AFA67580A0F3C9AB1272BA69776573FF893427349C83D3244D293972993731E70B
Reporter @tildedennis
Tags:uncategorized ZeuS


Twitter
@tildedennis
uncategorized version 1.5.8.9

Intelligence


File Origin
# of uploads :
1
# of downloads :
1'161
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
fdaba3f0e49475409607ec915599d216ef30351eb34e6c52716a74921285c994
Verdict:
Malicious activity
Analysis date:
2021-03-28 01:42:50 UTC
Tags:
trojan

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection:
malicious
Classification:
bank.troj
Score:
72 / 100
Signature
Antivirus / Scanner detection for submitted sample
Contains VNC / remote desktop functionality (version string found)
Detected ZeusVM e-Banking Trojan
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zeus
Status:
Malicious
First seen:
2011-09-01 18:21:00 UTC
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Behaviour
Modifies Internet Explorer settings
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
fdaba3f0e49475409607ec915599d216ef30351eb34e6c52716a74921285c994
MD5 hash:
b4bd8726c7a17ed5d3e99069a8e5872c
SHA1 hash:
5f69352894ed9a03ad1aac338605e823802545ee

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments