Win32/Zeus (alias Zbot)

Forum for analysis and discussion about malware.
Post Reply
User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Mon Feb 06, 2012 7:31 am

Actual 14 samples.
You do not have the required permissions to view the files attached to this post.

User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Fri Feb 10, 2012 7:29 am

15 samples, observed since 6 Feb.
You do not have the required permissions to view the files attached to this post.

User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Wed Feb 15, 2012 8:07 am

12 samples of last 4 days
You do not have the required permissions to view the files attached to this post.

User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Fri Feb 17, 2012 7:51 am

16 samples of last two days
You do not have the required permissions to view the files attached to this post.

User avatar
EX!
Posts: 35
Joined: Wed Jun 29, 2011 8:24 pm
Contact:

Re: Trojan Zeus (alias ZBot)

Post by EX! » Fri Feb 17, 2012 5:57 pm

zbot
SHA256: d692760e4614ae96f281522c80996e1ed9d31f29f5f9d4dbbd75481f649c2bb7
Detecciones: 1 / 42

NOD32 a variant of Win32/Injector.OEC 20120217


:D
You do not have the required permissions to view the files attached to this post.

markusg
Posts: 733
Joined: Mon Mar 15, 2010 2:53 pm

Re: Trojan Zeus (alias ZBot)

Post by markusg » Sat Feb 18, 2012 4:52 pm

i think its zbot
SHA256:
3f2cc71d5aa1c91ff84ac32e2eb18c24e2ca9c57ef8999a210ba00e4636cff1b 
File name:
1C7E33AD86ED29744440.exe 
Detection ratio:
3 / 43 
https://www.virustotal.com/file/3f2cc71 ... 329582020/

securewebtests.com/lcr/tuktuk.php?id=38BA2BE7444E41537355cmd=img
You do not have the required permissions to view the files attached to this post.

User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Sat Feb 18, 2012 6:06 pm

markusg wrote:i think its zbot
SHA256:
3f2cc71d5aa1c91ff84ac32e2eb18c24e2ca9c57ef8999a210ba00e4636cff1b 
Not ZBot (already by behaviour).
But GEMA.

Image

Cody Johnston
Posts: 158
Joined: Sun May 01, 2011 4:33 pm
Location: Los Angeles, CA
Contact:

Re: Trojan Zeus (alias ZBot)

Post by Cody Johnston » Mon Feb 20, 2012 11:25 am

New Sample - Low Detection

MD5: 492ae45cbeafb9daee2d4d6dc4d565ae

1/43

https://www.virustotal.com/file/bb60a94 ... /analysis/

dumped .tmp and .exe files from temp dir included in archive

:D
You do not have the required permissions to view the files attached to this post.

User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Tue Feb 21, 2012 2:53 pm

11 droppers of last few days
You do not have the required permissions to view the files attached to this post.

User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Fri Feb 24, 2012 6:12 pm

13 ZBot droppers, last few days observed
You do not have the required permissions to view the files attached to this post.

Post Reply