MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 121431bbfb1fb3a7ec99580b7af8051b3ef5ef37e9d40eb22119610c3bc9e0f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	121431bbfb1fb3a7ec99580b7af8051b3ef5ef37e9d40eb22119610c3bc9e0f6
SHA3-384 hash:	a73412bef7e981cc3164bb65e16d8ba229b49c156b2329f580eb7855f00f2c2771d26f0a88aa204f58a87a6b355983eb
SHA1 hash:	f86cdd91174265345c013fefac1a260d3de85c23
MD5 hash:	33d2c3155d673293e9de6c7392b44a7d
humanhash:	london-robert-montana-pluto
File name:	grabbot_0.1.6.4.vir
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	389'440 bytes
First seen:	2020-07-19 17:27:04 UTC
Last seen:	2020-07-19 19:17:46 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	e1fc750fd1b681dec0de715ec4642d03 (1 x ZeuS)
ssdeep	6144:v85Fl9y03DqMoEiL8prJFxU7w8T67P9JcSzwHCiuhaotGXlDx8spVDelPWRJ:v833+LL8prJbhj9eSzoCZIlDx8sDqs
Threatray	29 similar samples on MalwareBazaar
TLSH	A884230ABAC00F30FAD756B0069D131B8D366BD407560A97D1FE6DC1AB963C257B236E
Reporter	tildedennis
Tags:	grabbot ZeuS

tildedennis

grabbot version 0.1.6.4

Intelligence

File Origin

# of uploads :

# of downloads :

111

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/27993/

Detection(s):

SecuriteInfo.com.PSW.Generic13.DB.16633.8279.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %AppData% subdirectories

Sending a custom TCP request

Creating a file

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Unauthorized injection to a system process

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/389824

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/121431bbfb1fb3a7ec99580b7af8051b3ef5ef37e9d40eb22119610c3bc9e0f6/

Threat name:

Win32.Trojan.Razy

Status:

Malicious

First seen:

2016-02-20 00:43:00 UTC

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/200719-zt53svcz6x/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Program crash

Adds Run key to start application

Checks whether UAC is enabled

Reads user/profile data of web browsers

Suspicious use of NtCreateProcessExOtherParentProcess

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/121431bbfb1fb3a7ec99580b7af8051b3ef5ef37e9d40eb22119610c3bc9e0f6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/grabbot/

Cape

https://www.capesandbox.com/analysis/27993/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample