MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9fd9a04134b3d43f451c21c5df09d603132aefe6149b0842eb810710276e31ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 9fd9a04134b3d43f451c21c5df09d603132aefe6149b0842eb810710276e31ad
SHA3-384 hash: 2a891274814a7927564ef631b80cf5317c48a4cabaf283989e2717195386f86fecc5679056ab826505e0712e3b2ddc42
SHA1 hash: 828878480815f012e5ace8a7a7f9e1cf2ca4b232
MD5 hash: b719e4d5b97d08cfd79f914c07cfa912
humanhash: snake-sad-william-oscar
File name: citadel_3.0.0.0.vir
Signature: ZeuS
File size: 368'128 bytes
First seen: 2020-07-19 19:44:42 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0793d96facf8634f1c7e920735494af3
ssdeep: 6144:TfI9hZ1Cnv90mHieDko4hHqeBunxvkaBOKdQ6YM8YgT9Qll30pNd:i/snumCeD6tqu8vkjwhvghQD30pNd
TLSH: 4774F1F2213A42D5E44EA3BBCBADC345E8329CA0BB4B5256B19C1045C6CCCED6F65F61
Reporter: @tildedennis
Tags: Citadel


Twitter
@tildedennis
citadel version 3.0.0.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2014-08-14 14:24:00 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments