MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c759b96dca08330cce6b7787e69b286d3b1a22a618f81409fd674ef720eb6dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 6c759b96dca08330cce6b7787e69b286d3b1a22a618f81409fd674ef720eb6dd
SHA3-384 hash: 4c33c267291a07011e64ecbe382cdfb4bd0ed67ae2e15678c7b17ec3804d7a2620478daf527c597de7695d284b00b934
SHA1 hash: 739bee3b3bbbf920f1483875ca880c8e49326448
MD5 hash: 8773b8aecd2979784c4b93ee890bd11d
humanhash: tennessee-single-sierra-sierra
File name: uncategorized_1.2.4.0.vir
Signature: ZeuS
File size: 693'784 bytes
First seen: 2020-07-19 19:26:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d8588a1813b18169bddaaffb89a2dc7d
ssdeep: 12288:VCs0tdKhrzSUvopbpO6HJhaxe0Xg6rvrLci8GDAXOA:VCxOEWo5Pge0XJrrIKcOA
TLSH: 5EE4F112B1E1D023C06752794467D7B2A776AD7406321AA73FE53E1F7F782E189032B6
Reporter: @tildedennis
Tags: uncategorized ZeuS


Twitter
@tildedennis
uncategorized version 1.2.4.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 19
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2015-10-10 01:44:00 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 2/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.
