MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85e8eb80abd37d60fe3c10fa22f9585ac1932b3a8079317f663b90191920b75b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 85e8eb80abd37d60fe3c10fa22f9585ac1932b3a8079317f663b90191920b75b
SHA3-384 hash: cd0618a30e4285a20669b80534750c15143e31f9f44b269373f212cee54183e42fb07272eca931e644b46deeec52520f
SHA1 hash: 666cc7d3b58aba61a73c482605bf1f2a612bc7f7
MD5 hash: 8fdf36fb7f4935a272f7e6898b70bdc9
humanhash: india-washington-white-alabama
File name: citadel_1.3.5.1.vir
Signature: ZeuS
File size: 235,152 bytes
First seen: 2020-07-19 19:24:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3af5d0f7f13f6d8f1d63d59e50e56671
ssdeep: 6144:9asc697CkR6dgmPQIgAAJBXYcV7wezwhQXpLhEK/A4lu:9ascwGkkddgA+BXbwh2pL6KI4
TLSH: 32341281F7C7F4E1DF4853B24E1777660EB29A257EC5E0B36F2A340195A238D960BC86
Reporter: @tildedennis
Tags: Citadel
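Before analysing a sample pulled from this entry, confirm that what you have on disk is the file the entry describes: the same size, the same MD5/SHA1/SHA256/SHA3-384 digests, and a real PE (the entry lists the type as "Executable exe"). The script below is an added example, not code from MalwareBazaar or from the reporter; the ENTRY_HASHES and ENTRY_SIZE constants are copied from the entry above, while the MZ/PE signature check and the constructed demo bytes in make_fake_pe() are the example's own.

```python
"""Verify a downloaded MalwareBazaar sample against the hashes in its entry.

Added example; not code from MalwareBazaar. The bytes produced by
make_fake_pe() are constructed for an offline demonstration and are
not the Citadel binary from the entry.
"""
import hashlib

# Digests and size exactly as listed in the MalwareBazaar entry above.
ENTRY_HASHES = {
    "md5": "8fdf36fb7f4935a272f7e6898b70bdc9",
    "sha1": "666cc7d3b58aba61a73c482605bf1f2a612bc7f7",
    "sha256": "85e8eb80abd37d60fe3c10fa22f9585ac1932b3a8079317f663b90191920b75b",
    "sha3_384": "cd0618a30e4285a20669b80534750c15143e31f9f44b269373f212cee54183e42fb07272eca931e644b46deeec52520f",
}
ENTRY_SIZE = 235152


def digests(data: bytes) -> dict:
    """Return the four digests MalwareBazaar lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def is_pe(data: bytes) -> bool:
    """Cheap structural check for the entry's 'Executable exe' file type:
    a DOS 'MZ' stub plus a 'PE\\0\\0' signature at the offset in e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def verify_sample(data: bytes, expected: dict, expected_size=None) -> list:
    """Compare candidate bytes against the entry.

    Returns a list of human-readable mismatches; an empty list means every
    check passed. The size check is skipped when expected_size is None.
    """
    problems = []
    if expected_size is not None and len(data) != expected_size:
        problems.append(f"size {len(data)} != {expected_size}")
    got = digests(data)
    for name, want in expected.items():
        if got[name] != want.lower():
            problems.append(f"{name} mismatch: {got[name]}")
    if not is_pe(data):
        problems.append("not a PE file (no MZ/PE signature)")
    return problems


def verify_file(path: str, expected: dict = ENTRY_HASHES, expected_size: int = ENTRY_SIZE) -> list:
    """Verify a file on disk (the extracted .vir, not the download zip)."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read(), expected, expected_size)


def make_fake_pe(payload: bytes = b"\xcc" * 32) -> bytes:
    """Constructed MZ/PE-shaped blob for the offline demo (not the real sample)."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew -> right after the stub
    return bytes(header) + b"PE\0\0" + payload


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        probs = verify_file(sys.argv[1])
    else:
        # Offline demo: constructed bytes, so size and every digest mismatch the entry.
        probs = verify_sample(make_fake_pe(), ENTRY_HASHES, ENTRY_SIZE)
    print("OK: matches entry" if not probs else "\n".join(probs))
```

MalwareBazaar serves samples as a password-protected zip (password "infected"); extract citadel_1.3.5.1.vir inside an isolated analysis VM and run the script against the extracted file, not the zip. A size or digest mismatch means you are not looking at the sample this entry, and the vendor verdicts below, describe.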


Twitter
@tildedennis
citadel version 1.3.5.1

Intelligence


File Origin
# of uploads: 1
# of downloads: 19
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100

Result
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2013-05-06 15:46:00 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour:
UPX packed file

Result
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments