MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f958446ebb32ab8bffa0d3573f391dff2af026fa3cdac783d51b0906335b273. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 9f958446ebb32ab8bffa0d3573f391dff2af026fa3cdac783d51b0906335b273
SHA3-384 hash: fdf4db217756c1d468cda2f8b549bbeae5fd5137d2fc6be863050fd9249857a53f6c0f781a7c021fc2501a254c17e908
SHA1 hash: 84e593a0d636994208d8a4c1e22ac52b39fe7c9e
MD5 hash: a05f1cacb27ca3365c5abab71d7c64c4
humanhash: alanine-princess-mike-tennessee
File name: grabbot_0.1.6.6.vir
Signature: ZeuS
File size: 561'664 bytes
First seen: 2020-07-19 17:21:11 UTC
Last seen: 2020-07-19 19:15:31 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 17a917cb347fd3750ce41c63d430243e
ssdeep: 12288:qrhaYTHqOMWlLAzlTdAAjGv8DZiDZI2Dy+pFvdnQ:chaYTHqdWuzlTdAAJD4lvDy+pbnQ
TLSH: ABC4CF6931B0D27DD466E63B04DF8B609535FCED5A2086B7627CBD393B38D838127622
Reporter: @tildedennis
Tags: grabbot ZeuS


Twitter (@tildedennis): grabbot version 0.1.6.6

Intelligence


File Origin
# of uploads: 2
# of downloads: 19
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2016-07-21 00:41:00 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: persistence spyware
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Adds Run key to start application
Reads user/profile data of web browsers
Deletes itself
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments