MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c9087b9e6af76699ab0777535b2e99c4a345f6d4714953604367adfc4a8f7c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 8c9087b9e6af76699ab0777535b2e99c4a345f6d4714953604367adfc4a8f7c1
SHA3-384 hash: 998854febe02b98220399908094c3fe3a0cb947a191a88568f57bb0da24521aef38c3984ba387992c8ed5709f694b2b5
SHA1 hash: b9c25407e93420b4cdce9b5f8d2a971038aee47a
MD5 hash: a6b4b6bb07cf1e7dd6e352f98b07a872
humanhash: lactose-ten-romeo-sodium
File name: murofet_0.0.0.5.vir
Signature: ZeuS
File size: 164'352 bytes
First seen: 2020-07-19 16:49:24 UTC
Last seen: 2020-07-19 19:12:31 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: df813b7969626fafaedad27940ee3e77
ssdeep: 3072:nza6F8300ZfllhuXWoqgPWNoYh2n9b3AHR43VSg0w3HCCE8nU+M/Cr1:nE30X8gPWNT29ORw0w3HCCE8nU1/Cp
TLSH: 61F3D065D3A0E7D8FC1920FA88E6459F007EB8970C2951625C482FBBDBD43B5FBE5202
Reporter: @tildedennis
Tags: murofet


Twitter
@tildedennis
murofet version 0.0.0.5

Intelligence


File Origin
# of uploads: 3
# of downloads: 19
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2011-07-02 21:14:00 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Deletes itself
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments