MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52576fe06db6c4cf5e307a8c86fc53d5f4ecfd5879fb7d7835c99843f2a069c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 52576fe06db6c4cf5e307a8c86fc53d5f4ecfd5879fb7d7835c99843f2a069c6
SHA3-384 hash: eb38ef57b9b0f02b6aeca7557bd758804f99254f092807b99967bbab2c2a65c368261f89f25c5fb068585dbcf74ee36d
SHA1 hash: 3365f6705e7e05b899584ebc74f0dd6839ab9135
MD5 hash: 581ea50d38f87e99eb85ca9d0e8b01bd
humanhash: harry-indigo-edward-ten
File name: murofet_0.0.0.4.vir
Signature: ZeuS
File size: 157'184 bytes
First seen: 2020-07-19 17:18:25 UTC
Last seen: 2020-07-19 19:14:31 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 105bea0e26da8a5e0f04e8750b991db9
ssdeep: 3072:n71VdrbrHWQwMZDixsxwJhS4ZFSX6m49f4VsBZyaHBo:lrbrHuuDbxB4no6NxB7H
TLSH: 82E3E04AC734A7E0EF61E3FD5A51835C417DD50030B8A31FB469391BE39367AB4A8A93
Reporter: @tildedennis
Tags: murofet ZeuS


Twitter
@tildedennis
murofet version 0.0.0.4

Intelligence


File Origin
# of uploads: 2
# of downloads: 21
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Fakeav
Status: Malicious
First seen: 2011-05-21 13:25:00 UTC
AV detection: 23 of 25 (92.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
NTFS ADS
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Deletes itself
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.
