MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f3709579bd5f0c039eed9e4a849ae46b286cc779cecad78910aaffae51b4278. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 2f3709579bd5f0c039eed9e4a849ae46b286cc779cecad78910aaffae51b4278
SHA3-384 hash: 927f88989b853149c21cf18e00dc5857b9396ffc72cdc24feb639a6f44107dcfa42019f2999d3b37912365185972976b
SHA1 hash: 390e98beff93c5cdc28664c6f7bc906b9b1d851f
MD5 hash: 3c3ebe8014d0c9b63e752267a58f7350
humanhash: east-twenty-colorado-artist
File name: grabbot_0.1.4.0.vir
Signature: ZeuS
File size: 290'816 bytes
First seen: 2020-07-19 17:16:59 UTC
Last seen: 2020-07-19 19:14:04 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 480aaccfbb5d6bf26d62390c6c43fc30
ssdeep: 6144:5lcZI6SVp10KKMzMXJNha4Wf4W5yYgmhM32usWtxal61e4CstSC/h3Lv:fcE10wM9a4wyAhMXtxaQe4+CBv
TLSH: 1B54020A59430923D0250A3143EA11D96AFE1C1373A6B5EFDF84701C6DF32D99FEAAB5
Reporter: @tildedennis
Tags: grabbot


Twitter
@tildedennis
grabbot version 0.1.4.0

Intelligence


File Origin
# of uploads: 2
# of downloads: 19
Origin country: US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Hyteod
Status: Malicious
First seen: 2014-12-09 05:12:00 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Adds Run key to start application
Checks installed software on the system
Deletes itself
UPX packed file
Suspicious use of NtCreateProcessExOtherParentProcess
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments