Win32/Zeus (alias Zbot)

Forum for analysis and discussion about malware.
User avatar
Maxstar
Posts: 88
Joined: Wed Jan 26, 2011 10:20 am

Re: Trojan Zeus (alias ZBot)

Post by Maxstar » Wed Apr 04, 2012 9:41 am

Just received by mail (Zbot / Zeus)

rapport.pdf.exe
https://www.virustotal.com/file/7c7d876 ... 333532039/
MD5: a025d1e92bb21a1f494059fb12280802
Detection ratio: 5 / 42
You do not have the required permissions to view the files attached to this post.

User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Thu Apr 05, 2012 8:31 am

Evilcry wrote:A gift from ZeuS for passengers of US Airways
http://www.securelist.com/en/blog/20819 ... US_Airways

In the footer available the list of ZeuS MD5 hashes involved.
PWS:Win32/Zbot.gen!AF
https://twitter.com/#!/msftmmpc/status/ ... 8585039873

nullptr
Posts: 209
Joined: Sun Mar 14, 2010 6:35 am

Re: Trojan Zeus (alias ZBot)

Post by nullptr » Thu Apr 05, 2012 12:30 pm

MD5: 42DDF04F7C2E0B9D7F76B332A549EBE6
5/42 - https://www.virustotal.com/file/618d1ea ... 333628305/

dropper + unpacked in attachment
You do not have the required permissions to view the files attached to this post.

User avatar
Maxstar
Posts: 88
Joined: Wed Jan 26, 2011 10:20 am

Re: Trojan Zeus (alias ZBot)

Post by Maxstar » Tue Apr 10, 2012 10:51 am

Just recieved by mail

rapport.pdf.exe (Zeus / Zbot)
https://www.virustotal.com/file/d652e56 ... 334054761/
MD5: b849d83081ff7bfe236d32893de8adb9
Detection ratio: 5 / 42
You do not have the required permissions to view the files attached to this post.

User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Tue Apr 10, 2012 11:05 am


User avatar
Maxstar
Posts: 88
Joined: Wed Jan 26, 2011 10:20 am

Re: Trojan Zeus (alias ZBot)

Post by Maxstar » Wed Apr 11, 2012 9:49 am

Zeus / Zbot

rapport.pdf1
https://www.virustotal.com/file/dbf4757 ... 334137361/
MD5: b3dde60b637221449e2a61328e5fc55a
Detection ratio: 6 / 40
You do not have the required permissions to view the files attached to this post.

User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Thu Apr 12, 2012 6:09 pm

Guys, I wondered that most ZBot c&c hosted at Europe and US area...
And another, why is still functioning...and not taken down?

Image

Source - https://zeustracker.abuse.ch/

User avatar
EP_X0FF
Global Moderator
Posts: 4808
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Re: Trojan Zeus (alias ZBot)

Post by EP_X0FF » Fri Apr 13, 2012 2:35 am

rkhunter wrote:And another, why is still functioning...and not taken down?
This is called freedom.
Ring0 - the source of inspiration

User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Trojan Zeus (alias ZBot)

Post by rkhunter » Fri Apr 13, 2012 5:29 am

Critical analysis of Microsoft Operation B71 (against ZBot/Zeus/SpyEye botnet)
http://blog.fox-it.com/2012/04/12/criti ... ation-b71/

User avatar
EP_X0FF
Global Moderator
Posts: 4808
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Re: Trojan Zeus (alias ZBot)

Post by EP_X0FF » Fri Apr 13, 2012 6:01 am

Typical butthurt.
Ring0 - the source of inspiration

Post Reply