MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c850cfff31192c9f8439e0b9e4127d0b419c9909d2c85e7e99a5bb0115db3c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 4c850cfff31192c9f8439e0b9e4127d0b419c9909d2c85e7e99a5bb0115db3c9
SHA3-384 hash: e4c827ce5b6660c260c7efb6cf4dbe46efc835e6a93e00f7e3a6e8e00d7dbc4c3a66ca8eda5eda65ec1edd99e22f05b4
SHA1 hash: 60ad3147c56275e99c06576948f31a14bbf6dcc8
MD5 hash: b3a89f2ad0c7f93c5c372ff5fe2b4cbc
humanhash: march-apart-coffee-pennsylvania
File name: citadel_1.3.1.0.vir
Signature: ZeuS
File size: 197'632 bytes
First seen: 2020-07-19 19:21:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2f51ce553b9e8fb6eb431d6bf1bf8f26
ssdeep: 3072:BPBVzTPXamcoGWHyJS1gJgAx7wrhhY2NqkAukB7IQH4ftsTEDbsouvJ:BrzTPKmcoFtgJgbhhY2oQQYSTcgoEJ
TLSH: C614239ACBD9A52DE1ECF53B032AA84F145010F8E7582BE7156731E4FD8478E0D23B86
Reporter: @tildedennis
Tags: Citadel ZeuS
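A practitioner who pulls this sample should confirm that the bytes on disk are the ones the entry describes before doing anything with them. The script below is an added example, not code from MalwareBazaar or from the reporter: it recomputes the four hashlib-supported digests listed above (SHA256, SHA3-384, SHA1, MD5) plus the file size and reports each field separately, so a single transcription error or a wrong file shows up as a specific mismatch rather than a bare "no". The script name and the path argument are assumptions; imphash, ssdeep and TLSH are not covered here because they need third-party modules (pefile, ssdeep, tlsh) rather than the standard library. The test data is constructed and is not the sample.

```python
import hashlib
import sys

# Digests and size exactly as listed in the MalwareBazaar entry above.
EXPECTED = {
    "sha256": "4c850cfff31192c9f8439e0b9e4127d0b419c9909d2c85e7e99a5bb0115db3c9",
    "sha3_384": "e4c827ce5b6660c260c7efb6cf4dbe46efc835e6a93e00f7e3a6e8e00d7dbc4c3a66ca8eda5eda65ec1edd99e22f05b4",
    "sha1": "60ad3147c56275e99c06576948f31a14bbf6dcc8",
    "md5": "b3a89f2ad0c7f93c5c372ff5fe2b4cbc",
}
EXPECTED_SIZE = 197632  # "File size: 197'632 bytes"


def digest_bytes(data: bytes, algorithms=tuple(EXPECTED)) -> dict:
    """Return {hashlib name: hex digest} for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def digest_file(path: str, algorithms=tuple(EXPECTED), chunk_size: int = 1 << 20):
    """Hash a file incrementally with every algorithm in one pass; returns (digests, size)."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}, size


def compare(digests: dict, size: int, expected: dict = EXPECTED, expected_size: int = EXPECTED_SIZE) -> dict:
    """Per-field verdict: True where the computed value equals the listed one.

    Each algorithm is judged independently so that a partial mismatch (one hash
    copied wrongly while the others agree) is visible instead of being folded
    into a single boolean. Comparison is case-insensitive on the hex digits.
    """
    verdict = {name: digests.get(name, "").lower() == value.lower() for name, value in expected.items()}
    verdict["size"] = size == expected_size
    return verdict


def check_sample(data: bytes, expected: dict = EXPECTED, expected_size: int = EXPECTED_SIZE) -> dict:
    """In-memory convenience wrapper around digest_bytes() + compare()."""
    return compare(digest_bytes(data, tuple(expected)), len(data), expected, expected_size)


def verify_file(path: str) -> bool:
    """Hash the file at `path`, print one line per field, return True only if all fields match."""
    digests, size = digest_file(path)
    verdict = compare(digests, size)
    for name, ok in verdict.items():
        print(f"{name:9s} {'OK' if ok else 'MISMATCH'}")
    return all(verdict.values())


if __name__ == "__main__":
    # Assumed usage: python verify_sample.py <path-to-extracted-sample>
    sys.exit(0 if verify_file(sys.argv[1]) else 1)
```

Run it against the extracted executable, not against the archive it was downloaded in; hashing the wrapper will report a mismatch on every field. A non-zero exit status makes the check usable as a gate in an analysis pipeline.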


Twitter (@tildedennis): citadel version 1.3.1.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 17
Origin country: US
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness:
Behaviour:
Unauthorized injection to a recently created process
Sending an HTTP GET request
Launching the default Windows debugger (dwwin.exe)
Sending a TCP request to an infection source

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Behaviour: Behavior Graph (image not reproduced)
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2012-03-15 10:24:00 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour:
UPX packed file
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments