MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a30a352a65cf6ad2b9b8266617709672c777e58edaa625946d77aca427cd352. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 1a30a352a65cf6ad2b9b8266617709672c777e58edaa625946d77aca427cd352
SHA3-384 hash: 6665ec72e3db84744400d6d8455b9b06047d60efc67ebc9eb8fb924160e584c0a28a9f76d5b47c5437ddfe364ac73806
SHA1 hash: 48350a8e3ee59460e6c2ba9c1262badf7f6337cb
MD5 hash: 3f960c539c5696037846a1e6117fbde2
humanhash: lion-connecticut-alabama-north
File name:murofet_0.0.0.8.vir
Download: download sample
Signature ZeuS
File size:168'960 bytes
First seen:2020-07-19 19:50:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6964f717e1caecfb68792e30175c69ff
ssdeep 3072:5TTRrR+ukVyp+Yl/OleGLWaEKjwRGIVeKKaqi0lvzL7QWDy0viqD9I3eRph3:5vMy80/OwkWaE4wRGIJMRFfUcbviqqO
TLSH 92F312E6DF6308B0C12D127E32E7734747A9A69A5DE0DDCF03C05A9CAA24966703C767
Reporter @tildedennis
Tags:murofet ZeuS


Twitter
@tildedennis
murofet version 0.0.0.8

Intelligence


File Origin
# of uploads :
1
# of downloads :
42
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2011-07-29 12:31:00 UTC
AV detection:
28 of 31 (90.32%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Deletes itself
Executes dropped EXE
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments