Win32/Zeus (alias Zbot)

Forum for analysis and discussion about malware.

Re: Trojan Zeus (alias ZBot)

Postby Maxstar » Wed Apr 04, 2012 9:41 am

Just received by mail (Zbot / Zeus)

rapport.pdf.exe
https://www.virustotal.com/file/7c7d876 ... 333532039/
MD5: a025d1e92bb21a1f494059fb12280802
Detection ratio: 5 / 42
You do not have the required permissions to view the files attached to this post.
User avatar
Maxstar
 
Posts: 88
Joined: Wed Jan 26, 2011 10:20 am
Reputation point: 39

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Thu Apr 05, 2012 8:31 am

Evilcry wrote:A gift from ZeuS for passengers of US Airways
http://www.securelist.com/en/blog/20819 ... US_Airways

In the footer available the list of ZeuS MD5 hashes involved.

PWS:Win32/Zbot.gen!AF
https://twitter.com/#!/msftmmpc/status/ ... 8585039873
User avatar
rkhunter
 
Posts: 1148
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Trojan Zeus (alias ZBot)

Postby nullptr » Thu Apr 05, 2012 12:30 pm

MD5: 42DDF04F7C2E0B9D7F76B332A549EBE6
5/42 - https://www.virustotal.com/file/618d1ea ... 333628305/

dropper + unpacked in attachment
You do not have the required permissions to view the files attached to this post.
nullptr
 
Posts: 210
Joined: Sun Mar 14, 2010 6:35 am
Reputation point: 100

Re: Trojan Zeus (alias ZBot)

Postby Maxstar » Tue Apr 10, 2012 10:51 am

Just recieved by mail

rapport.pdf.exe (Zeus / Zbot)
https://www.virustotal.com/file/d652e56 ... 334054761/
MD5: b849d83081ff7bfe236d32893de8adb9
Detection ratio: 5 / 42
You do not have the required permissions to view the files attached to this post.
User avatar
Maxstar
 
Posts: 88
Joined: Wed Jan 26, 2011 10:20 am
Reputation point: 39

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Tue Apr 10, 2012 11:05 am

User avatar
rkhunter
 
Posts: 1148
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Trojan Zeus (alias ZBot)

Postby Maxstar » Wed Apr 11, 2012 9:49 am

Zeus / Zbot

rapport.pdf1
https://www.virustotal.com/file/dbf4757 ... 334137361/
MD5: b3dde60b637221449e2a61328e5fc55a
Detection ratio: 6 / 40
You do not have the required permissions to view the files attached to this post.
User avatar
Maxstar
 
Posts: 88
Joined: Wed Jan 26, 2011 10:20 am
Reputation point: 39

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Thu Apr 12, 2012 6:09 pm

Guys, I wondered that most ZBot c&c hosted at Europe and US area...
And another, why is still functioning...and not taken down?

Image

Source - https://zeustracker.abuse.ch/
User avatar
rkhunter
 
Posts: 1148
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Trojan Zeus (alias ZBot)

Postby EP_X0FF » Fri Apr 13, 2012 2:35 am

rkhunter wrote:And another, why is still functioning...and not taken down?


This is called freedom.
Ring0 - the source of inspiration
User avatar
EP_X0FF
Global Moderator
 
Posts: 4765
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 571

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Fri Apr 13, 2012 5:29 am

Critical analysis of Microsoft Operation B71 (against ZBot/Zeus/SpyEye botnet)
http://blog.fox-it.com/2012/04/12/critical-analysis-of-microsoft-operation-b71/
User avatar
rkhunter
 
Posts: 1148
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Trojan Zeus (alias ZBot)

Postby EP_X0FF » Fri Apr 13, 2012 6:01 am

Typical butthurt.
Ring0 - the source of inspiration
User avatar
EP_X0FF
Global Moderator
 
Posts: 4765
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 571

PreviousNext

Return to Malware

Who is online

Users browsing this forum: Fedor22 and 9 guests