Win32/Zeus (alias Zbot)

Forum for analysis and discussion about malware.

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Mon Mar 26, 2012 4:26 pm

I know that many U.S. companies/providers resell hosting to eastern Europe companies, so this is not unusual.
User avatar
rkhunter
 
Posts: 1147
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Trojan Zeus (alias ZBot)

Postby NarfBang » Wed Mar 28, 2012 1:42 pm

Interesting piece on NBC the other night.

http://www.msnbc.msn.com/id/21134540/vp ... 6#46815636
NarfBang
 
Posts: 17
Joined: Thu Jun 30, 2011 4:29 pm
Reputation point: 5

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Thu Mar 29, 2012 9:31 am

User avatar
rkhunter
 
Posts: 1147
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Trojan Zeus (alias ZBot)

Postby Maxstar » Thu Mar 29, 2012 1:58 pm

I think this is a also a Zbot / Zeus sample!

https://www.virustotal.com/file/8a30fbe ... /analysis/
MD5: c215cba7566628f984f8649f1218963a
Detection ratio: 3 / 42
You do not have the required permissions to view the files attached to this post.
Last edited by EP_X0FF on Fri Mar 30, 2012 8:55 am, edited 1 time in total.
Reason: password added
User avatar
Maxstar
 
Posts: 88
Joined: Wed Jan 26, 2011 10:20 am
Reputation point: 39

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Fri Mar 30, 2012 7:29 am

New modifications of ZBot were observed at last two days: PWS:Win32/Zbot.AES, PWS:Win32/Zbot.AET.
Droppers in attach.
You do not have the required permissions to view the files attached to this post.
User avatar
rkhunter
 
Posts: 1147
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Fri Mar 30, 2012 7:32 am

Maxstar wrote:I think this is a also a Zbot / Zeus sample!

If I not mistaken, archive without password actually. Reupload, please.
User avatar
rkhunter
 
Posts: 1147
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Trojan Zeus (alias ZBot)

Postby Maxstar » Fri Mar 30, 2012 7:58 am

rkhunter wrote:
Maxstar wrote:I think this is a also a Zbot / Zeus sample!

If I not mistaken, archive without password actually. Reupload, please.

I can't edit my post anymore, but I will send a PM to one of the moderators.
I also uploaded this sample by Emsisoft and MBAM and they don't want password protected archives so I have uploaded here the wrong archive. sorry. :oops:
User avatar
Maxstar
 
Posts: 88
Joined: Wed Jan 26, 2011 10:20 am
Reputation point: 39

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Sun Apr 01, 2012 12:16 pm

ZBot collection, observed last 10 days.

http://narod.ru/disk/44870347001.f93d33 ... t.zip.html
User avatar
rkhunter
 
Posts: 1147
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Trojan Zeus (alias ZBot)

Postby EP_X0FF » Mon Apr 02, 2012 1:51 am

PWS Zbot extracted from BH EK. In archive dropper + unpacked.

4 / 42
https://www.virustotal.com/file/f2b32a4 ... /analysis/
You do not have the required permissions to view the files attached to this post.
Ring0 - the source of inspiration
User avatar
EP_X0FF
Global Moderator
 
Posts: 4759
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 571

Re: Trojan Zeus (alias ZBot)

Postby Evilcry » Tue Apr 03, 2012 2:25 pm

A gift from ZeuS for passengers of US Airways
http://www.securelist.com/en/blog/20819 ... US_Airways

In the footer available the list of ZeuS MD5 hashes involved.
Evilcry
 
Posts: 135
Joined: Tue Apr 20, 2010 6:10 pm
Reputation point: 90

PreviousNext

Return to Malware

Who is online

Users browsing this forum: Yahoo [Bot] and 17 guests

cron