MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 121431bbfb1fb3a7ec99580b7af8051b3ef5ef37e9d40eb22119610c3bc9e0f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 121431bbfb1fb3a7ec99580b7af8051b3ef5ef37e9d40eb22119610c3bc9e0f6
SHA3-384 hash: a73412bef7e981cc3164bb65e16d8ba229b49c156b2329f580eb7855f00f2c2771d26f0a88aa204f58a87a6b355983eb
SHA1 hash: f86cdd91174265345c013fefac1a260d3de85c23
MD5 hash: 33d2c3155d673293e9de6c7392b44a7d
humanhash: london-robert-montana-pluto
File name: grabbot_0.1.6.4.vir
Signature: ZeuS
File size: 389,440 bytes
First seen: 2020-07-19 17:27:04 UTC
Last seen: 2020-07-19 19:17:46 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e1fc750fd1b681dec0de715ec4642d03
ssdeep: 6144:v85Fl9y03DqMoEiL8prJFxU7w8T67P9JcSzwHCiuhaotGXlDx8spVDelPWRJ:v833+LL8prJbhj9eSzoCZIlDx8sDqs
TLSH: A884230ABAC00F30FAD756B0069D131B8D366BD407560A97D1FE6DC1AB963C257B236E
Reporter: @tildedennis
Tags: grabbot ZeuS
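Before touching a sample pulled from this entry, check that the bytes you have are the bytes the record describes: the four hashes and the size above are the only ground truth the page gives, and a mismatch usually means a wrong file, a truncated download, or a sample that was re-uploaded under a different record. The script below is an added example, not MalwareBazaar's own tooling; it embeds the values from this entry, computes the same digests with the standard library, reports every field that disagrees, and builds the form fields for the documented MalwareBazaar API "get_info" lookup (the POST itself is not performed here). The test bytes used for illustration are constructed and are not the real sample.

```python
"""Verify a downloaded sample against the hashes in this MalwareBazaar entry.

Added example; not code from MalwareBazaar or abuse.ch.
"""
import hashlib
import sys

# Values copied from the entry above.
RECORD = {
    "sha256": "121431bbfb1fb3a7ec99580b7af8051b3ef5ef37e9d40eb22119610c3bc9e0f6",
    "sha3_384": "a73412bef7e981cc3164bb65e16d8ba229b49c156b2329f580eb7855f00f2c2"
                "771d26f0a88aa204f58a87a6b355983eb",
    "sha1": "f86cdd91174265345c013fefac1a260d3de85c23",
    "md5": "33d2c3155d673293e9de6c7392b44a7d",
    "size": 389440,
}

# Documented MalwareBazaar API endpoint for hash lookups.
MB_API_URL = "https://mb-api.abuse.ch/api/v1/"


def compute_hashes(data: bytes) -> dict:
    """Digest the sample with the same four algorithms MalwareBazaar lists."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
    }


def verify_sample(data: bytes, record: dict = RECORD) -> dict:
    """Return {field: (expected, actual)} for every field that disagrees.

    An empty dict means the bytes match the record on all listed fields.
    Comparing all four digests catches a record that was edited or mis-copied
    as well as a wrong file.
    """
    actual = compute_hashes(data)
    return {k: (record[k], actual[k]) for k in record if record[k] != actual[k]}


def mb_get_info_query(sha256: str) -> dict:
    """Form fields for the MalwareBazaar 'get_info' query (POST to MB_API_URL).

    Only the payload is built; sending it (and the Auth-Key header the API
    expects) is left to the caller.
    """
    sha256 = sha256.strip().lower()
    if len(sha256) != 64 or any(c not in "0123456789abcdef" for c in sha256):
        raise ValueError("expected a 64-character hex SHA256")
    return {"query": "get_info", "hash": sha256}


if __name__ == "__main__":
    # Usage: python verify_sample.py <extracted sample file>
    with open(sys.argv[1], "rb") as fh:
        mismatches = verify_sample(fh.read())
    if not mismatches:
        print("OK: file matches the MalwareBazaar record")
    else:
        for field, (expected, actual) in mismatches.items():
            print(f"MISMATCH {field}: record={expected} file={actual}")
        sys.exit(1)
```

MalwareBazaar serves samples inside a zip protected with the password `infected`; run the check on the extracted file, not the archive, and do it on the analysis host before the file is ever executed.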


Twitter
@tildedennis
grabbot version 0.1.6.4

Intelligence


File Origin
# of uploads: 2
# of downloads: 19
Origin country: FR

Mail intelligence
No data

Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour
Creating a file in the %AppData% subdirectories
Sending a custom TCP request
Creating a file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a system process

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100

Threat name: Win32.Trojan.Razy
Status: Malicious
First seen: 2016-02-20 00:43:00 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Adds Run key to start application
Checks whether UAC is enabled
Reads user/profile data of web browsers
Suspicious use of NtCreateProcessExOtherParentProcess

Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments