MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b10ddb98e8e357ff956840192777f4c651953e2b0bd59b296ef0b478f94c3c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 8b10ddb98e8e357ff956840192777f4c651953e2b0bd59b296ef0b478f94c3c8
SHA3-384 hash: 32d6e4a34570fbee611e0f852adc01c113287ab1bd48982acffb8c8e32165776d27ffd6a1e782a1a1a132255149f8673
SHA1 hash: 7118db25569669332c0049566e3fe82f51d26073
MD5 hash: fb436d8aa1498d5e733619de152f8109
humanhash: quebec-yankee-comet-charlie
File name:grabbot_0.1.6.2.vir
Download: download sample
Signature n/a
File size:364'544 bytes
First seen:2020-07-19 17:16:20 UTC
Last seen:2020-07-19 19:13:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d7fc4c37c7087d0db5a0f83304c76862
ssdeep 6144:XyNWrz96ZxLwusFXtdzBETztlcCH2nckXclPhTBeGt0fvUDUzeXpPT/Ozsqfu:XRKxEuIFEPtlbWncTBVtkvUNhTOzsAu
TLSH 3A740222F3E0B94DFC96BFB85BD0F2284C5285B78E9F2E5A709435690259113B34DB1E
Reporter @tildedennis
Tags:grabbot


Twitter
@tildedennis
grabbot version 0.1.6.2

Intelligence


File Origin
# of uploads :
2
# of downloads :
22
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Zbal
Status:
Malicious
First seen:
2016-01-11 00:43:00 UTC
AV detection:
23 of 29 (79.31%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence spyware
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Adds Run key to start application
Checks whether UAC is enabled
Adds Run key to start application
Reads user/profile data of web browsers
Reads user/profile data of web browsers
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments