Win32/Zeus (alias Zbot)

Forum for analysis and discussion about malware.

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Sat Jul 07, 2012 10:10 am

Another 3 samples with same crypter, just with a few differences

Copies itself with random name into %appdata%\random_folder_name\random_file_name
Autorun from HKCU\Software\Microsoft\Windows\CurrentVersion\Run\{CLSID}
Completely hangs my WinXPSP3 (with help of injections)...

[Image: anti-emu trick]
rkhunter
 
Posts: 1148
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Wed Jul 11, 2012 11:44 am

Another two samples with same crypter.

SHA1: 13e641e3bd50be036f11b723d638cad3113ab888
MD5: 4adfa56c29697b7da23fda1eb28e944b

SHA1: 738d1e5e09dc5dd7bcb1159b373082bc798cb613
MD5: e1dc32531343a9a4a1d26653913056e2

Re: Trojan Zeus (alias ZBot)

Postby EX! » Thu Jul 12, 2012 8:24 pm

Zbot
SHA256: 5580c303f71e1953df06284f85ae9945b5409ea8990cc610c4273fe1c2c6d085
Name: we3r.exe
Detections: 3 / 40

https://www.virustotal.com/file/5580c30 ... 342124411/


Bye :mrgreen:
EX!
 
Posts: 35
Joined: Wed Jun 29, 2011 8:24 pm
Reputation point: 11

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Sat Jul 14, 2012 4:27 pm

I'm really surprised that distribution of ZBot does not go down after MS disrupted its botnet.

Samples with MD5 inside.

Re: Trojan Zeus (alias ZBot)

Postby DWS94 » Thu Jul 19, 2012 12:27 pm

MD5: 7f0a5823cf07e2aa53171204ceacd77b
https://www.virustotal.com/file/2e84e79 ... /analysis/ 2 / 42
DWS94
 
Posts: 13
Joined: Fri Jun 01, 2012 4:49 pm
Reputation point: 1

Re: Trojan Zeus (alias ZBot)

Postby dumb110 » Mon Jul 23, 2012 10:31 am

dumb110
 
Posts: 105
Joined: Tue Jun 05, 2012 1:29 pm
Reputation point: 5

Re: Trojan Zeus (alias ZBot)

Postby dumb110 » Tue Jul 24, 2012 11:26 am

3 more zbot samples! :lol:

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Mon Jul 30, 2012 5:31 pm

SHA1: 0ddb5eab870ad4b0092fafa8173aaa8eba05505f
MD5: 08f75835042c914b3beed2d139a460c2

SHA1: 2406897397594062395ae942ac8fe4447a6ad2dc
MD5: 2b4abf6e80586f8f60569b7c59423ba9

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Tue Aug 14, 2012 8:14 am

SHA256: 92146079f5fe8f0c3638010debaf61c33df2ac2cbb792b9ec17304555e78f502
SHA1: 206d4c3a2de8455007161f429016acaee5a2fa31
MD5: dfe68028f0b66793838f5974575123a4

[4 / 42] https://www.virustotal.com/file/9214607 ... /analysis/

Re: Trojan Zeus (alias ZBot)

Postby 360Tencent » Tue Aug 14, 2012 10:29 am

360Tencent
 
Posts: 116
Joined: Thu Dec 15, 2011 12:47 pm
Reputation point: 52
