MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79e49f532968d8b8ffa58e61e72135d2faf6e7384733f1e6386c9169d746138a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 79e49f532968d8b8ffa58e61e72135d2faf6e7384733f1e6386c9169d746138a
SHA3-384 hash: 4747c90bb1cca1ca9c30d7e1bcc5250e33475f4cfad287ab903c30ed19662ac98f537ab24734777f3f888f5995b944b8
SHA1 hash: 281ebe3a7201cad3de816f8479a5bb51d36874b6
MD5 hash: 86bef096503952ba633b67c711d3bbf9
humanhash: kentucky-mountain-pizza-one
File name:citadel_1.3.5.0.vir
Download: download sample
Signature ZeuS
File size:253'952 bytes
First seen:2020-07-19 19:23:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 82b05c0993cf8c4f58853b8bddf605b8
ssdeep 3072:OFldDkSYCdcaB2UZthZPB2dDIKAHGQE1vikKhpEJaF2gxiN1Fuexw/Pj92/K98pE:OxD00chUZtywQ9Khp7Ouex0V98psNk
TLSH DB44F18071529A7BC8F5C2FA58BF4E498535AD090F0164CB77D41F4E6AF82D2AF3522B
Reporter @tildedennis
Tags:Citadel ZeuS


Twitter
@tildedennis
citadel version 1.3.5.0

Intelligence


File Origin
# of uploads :
1
# of downloads :
17
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2012-09-24 20:16:00 UTC
AV detection:
21 of 25 (84.00%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Adds Run key to start application
Checks installed software on the system
Loads dropped DLL
Deletes itself
Reads user/profile data of web browsers
Executes dropped EXE
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments