MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 989d34e7e12df031098bc9898451e765b2a79c9af7416ea9906f81e95755cc20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 989d34e7e12df031098bc9898451e765b2a79c9af7416ea9906f81e95755cc20
SHA3-384 hash: 99853fdce6ae21ff921ee2abf32c1900fe7fcf2db290e093696ec01ef72ef093c04654f9f57d108edccfa6e0c5c3ec27
SHA1 hash: dad6a70eee64ce5d8cc2f7ebc6bb444a6337fc3f
MD5 hash: b2325969f4c2db6350b279b5f255e0c8
humanhash: tennessee-muppet-illinois-lima
File name: citadel_1.2.0.0.vir
Signature: ZeuS
File size: 239'616 bytes
First seen: 2020-07-19 17:28:18 UTC
Last seen: 2020-07-19 19:18:16 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 551c37f0249797aeac3324df9d7e673d
ssdeep: 6144:bRd8DNbBVMYkrF2QhlAf1Bkz3rVFj4QibhdCB5uHmoSy:bReRYr3hefYrVFcQiV8fuGoSy
TLSH: 82342310127F3D99CC1C96735807CB56184CA80626A87DB91BDB713CECA66BCEF28A5D
Reporter: @tildedennis
Tags: Citadel ZeuS


Twitter
@tildedennis
citadel version 1.2.0.0

Intelligence


File Origin
# of uploads: 2
# of downloads: 21
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Behaviour
Behavior Graph:

Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2012-02-04 20:37:00 UTC
AV detection: 36 of 40 (90.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
UPX packed file

Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments