Win32/Zeus (alias Zbot)

Forum for analysis and discussion about malware.

Re: Trojan Zeus (alias ZBot)

Postby Evilcry » Tue Aug 14, 2012 12:28 pm

SHA256: 9f5d3033392671e5b545461fb90370ff2f40d2378b8029a0022aa95c187b656d
SHA1: e325aec4539dd69b727db5c21febf5932e47a808
MD5: f4a01eb1739624041556980d0c80b82b

https://www.virustotal.com/file/9f5d303 ... 344946212/

Detection ratio: 3 / 42

Provenience: Compromised Web Server

Target Countries (Banks, etc.): Japan, Germany, Italy, Poland, other various .com (probably UK and USA)
You do not have the required permissions to view the files attached to this post.
Evilcry
 
Posts: 135
Joined: Tue Apr 20, 2010 6:10 pm
Reputation point: 90

Re: Trojan Zeus (alias ZBot)

Postby Evilcry » Sat Aug 25, 2012 7:24 am

SHA256: f24273a466d8543357959feca85441fd3c621ee170439a3a6aebcf1d9830df07
SHA1: cae319a34dc0659ec948e662399ecd44c3e40396
MD5: 4e198dcc2a1a74b5c23ea16095a0a68d

Detection: 5 / 42

https://www.virustotal.com/file/f24273a ... 345877208/

Targets: Germany, Italy, Poland, UK, USA
You do not have the required permissions to view the files attached to this post.
Evilcry
 
Posts: 135
Joined: Tue Apr 20, 2010 6:10 pm
Reputation point: 90

Re: Trojan Zeus (alias ZBot)

Postby Evilcry » Sun Aug 26, 2012 8:21 am

Following sample is an updated version of the one mentioned in the previous post.

SHA256: b7bbb0d1e03b1b8dd8d8c62317e52910a610b429c82e9a0afef84a1fd19e0e22
SHA1: 7b0d57a745b23376035f1b9b90af41cd495fdb77
MD5: 220b9661371e1728e366b4e00d41580d

Detection: 0/40

https://www.virustotal.com/file/b7bbb0d ... 345968230/

Targets: Unchanged

The domain containing the executable is reported below:

http://www.phishtank.com/phish_detail.p ... id=1539409
You do not have the required permissions to view the files attached to this post.
Evilcry
 
Posts: 135
Joined: Tue Apr 20, 2010 6:10 pm
Reputation point: 90

Re: Trojan Zeus (alias ZBot)

Postby Aleksandra » Mon Aug 27, 2012 4:05 pm

MD5: 0d6eb87ce2267ad4e079d3710562960f
SHA1: 7298bccc75876ad088d1843aaf62fb7f1e410784
1/42
You do not have the required permissions to view the files attached to this post.
User avatar
Aleksandra
 
Posts: 79
Joined: Sun Jun 05, 2011 9:34 pm
Reputation point: 22

Re: Trojan Zeus (alias ZBot)

Postby markusg » Thu Aug 30, 2012 12:30 pm

4x zbot from infected pc
You do not have the required permissions to view the files attached to this post.
markusg
 
Posts: 713
Joined: Mon Mar 15, 2010 2:53 pm
Reputation point: 141

Re: Trojan Zeus (alias ZBot)

Postby nullptr » Mon Sep 17, 2012 4:58 am

Zbot
SHA1: 0fcd206f18af66a14456ad5dc3fa2d5657e9e81c
MD5: c22d41c077787f2010abbc2b32a66e74

VT - 3/42 https://www.virustotal.com/file/10840ed ... 347857430/
original + unpacked attached
You do not have the required permissions to view the files attached to this post.
nullptr
 
Posts: 210
Joined: Sun Mar 14, 2010 6:35 am
Reputation point: 100

Re: Trojan Zeus (alias ZBot)

Postby Waves97 » Wed Sep 19, 2012 12:22 pm

MD5: e06c6eaab528697406577eada8c6702e
https://www.virustotal.com/file/b59df8f ... 348056754/
You do not have the required permissions to view the files attached to this post.
User avatar
Waves97
 
Posts: 33
Joined: Sat Jun 02, 2012 4:41 pm
Location: Poland
Reputation point: 5

Re: Malware Requests, part 2

Postby guelfoweb » Wed Sep 26, 2012 1:36 pm

A new Zbot variant with antidebug. It not work on virtual machine.

VirusTotal: http://goo.gl/tlKS0
Anubis: http://goo.gl/j3X4f
You do not have the required permissions to view the files attached to this post.
guelfoweb
 
Posts: 2
Joined: Sun Jul 10, 2011 3:50 pm
Reputation point: 0

Re: Trojan Zeus (alias ZBot)

Postby EP_X0FF » Sun Sep 30, 2012 5:59 am

Symantec: New ZeuS botnet no longer needs central command servers
https://www.networkworld.com/news/2012/ ... 56462.html
Ring0 - the source of inspiration
User avatar
EP_X0FF
Global Moderator
 
Posts: 4752
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 562


PreviousNext

Return to Malware

Who is online

Users browsing this forum: No registered users and 6 guests