MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04af2427e4e229d16c7c3bde0898b09abea9625bdd22f6a229a9d0bf0c6d57c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 04af2427e4e229d16c7c3bde0898b09abea9625bdd22f6a229a9d0bf0c6d57c5
SHA3-384 hash: cab652fb5531a42b01e7ee89c6c529091884ca6bfea8a01c267fb5b15ef6e3ebb2e918e095b6abd96de365095d0edda1
SHA1 hash: 2fb758c34566152131f4124e230e135812247258
MD5 hash: be69aea7aa08096ad0cb2efa623a9917
humanhash: green-freddie-maryland-burger
File name: grabbot_0.1.6.8.vir
Signature: n/a
File size: 561'152 bytes
First seen: 2020-07-19 19:43:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 13cb033ff5ce2f68f14266410a55d713
ssdeep: 12288:c/33cmrEyzqCPenrH2pDA2XZPZ94P+x780dGna:c/YyzqKIrWhA2XiS78yGna
TLSH: 81C4CFB12944E073C3570CB3019DDA611D256B3E7652EE4AB7F0B9F4AB332E17298267
Reporter: @tildedennis
Tags: grabbot


Twitter (@tildedennis): grabbot version 0.1.6.8

Intelligence


File Origin
# of uploads: 1
# of downloads: 26
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2017-12-01 03:46:14 UTC
AV detection: 21 of 28 (75.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: persistence spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Checks whether UAC is enabled
Adds Run key to start application
Deletes itself
Reads user/profile data of web browsers
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments