Win32/Zeus (alias Zbot)

Forum for analysis and discussion about malware.
rkhunter
Posts: 1154
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Mon Mar 26, 2012 4:26 pm

I know that many U.S. companies/providers resell hosting to eastern Europe companies, so this is not unusual.

NarfBang
Posts: 17
Joined: Thu Jun 30, 2011 4:29 pm

Re: Trojan Zeus (alias ZBot)

Post by NarfBang » Wed Mar 28, 2012 1:42 pm

Interesting piece on NBC the other night.

http://www.msnbc.msn.com/id/21134540/vp ... 6#46815636

rkhunter
Posts: 1154
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Thu Mar 29, 2012 9:31 am


Maxstar
Posts: 88
Joined: Wed Jan 26, 2011 10:20 am

Re: Trojan Zeus (alias ZBot)

Post by Maxstar » Thu Mar 29, 2012 1:58 pm

I think this is also a Zbot / Zeus sample!

https://www.virustotal.com/file/8a30fbe ... /analysis/
MD5: c215cba7566628f984f8649f1218963a
Detection ratio: 3 / 42
Last edited by EP_X0FF on Fri Mar 30, 2012 8:55 am, edited 1 time in total.
Reason: password added

rkhunter
Posts: 1154
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Fri Mar 30, 2012 7:29 am

New modifications of ZBot were observed in the last two days: PWS:Win32/Zbot.AES, PWS:Win32/Zbot.AET.
Droppers are attached.

rkhunter
Posts: 1154
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Fri Mar 30, 2012 7:32 am

Maxstar wrote: I think this is also a Zbot / Zeus sample!
If I'm not mistaken, the archive is actually without a password. Please reupload.

Maxstar
Posts: 88
Joined: Wed Jan 26, 2011 10:20 am

Re: Trojan Zeus (alias ZBot)

Post by Maxstar » Fri Mar 30, 2012 7:58 am

rkhunter wrote:
Maxstar wrote: I think this is also a Zbot / Zeus sample!
If I'm not mistaken, the archive is actually without a password. Please reupload.
I can't edit my post anymore, but I will send a PM to one of the moderators.
I also uploaded this sample to Emsisoft and MBAM, and they don't want password-protected archives, so I uploaded the wrong archive here. Sorry. :oops:

rkhunter
Posts: 1154
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Sun Apr 01, 2012 12:16 pm

ZBot collection, observed over the last 10 days.

http://narod.ru/disk/44870347001.f93d33 ... t.zip.html

EP_X0FF
Global Moderator
Posts: 4806
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: Trojan Zeus (alias ZBot)

Post by EP_X0FF » Mon Apr 02, 2012 1:51 am

PWS Zbot extracted from BH EK. In archive dropper + unpacked.

4 / 42
https://www.virustotal.com/file/f2b32a4 ... /analysis/
Ring0 - the source of inspiration

Evilcry
Posts: 135
Joined: Tue Apr 20, 2010 6:10 pm

Re: Trojan Zeus (alias ZBot)

Post by Evilcry » Tue Apr 03, 2012 2:25 pm

A gift from ZeuS for passengers of US Airways
http://www.securelist.com/en/blog/20819 ... US_Airways

The list of ZeuS MD5 hashes involved is available in the footer.
