MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba17f2ed642b9376a974263ac207dc55385c8d09119c89c5b1afb3b20215705a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: ba17f2ed642b9376a974263ac207dc55385c8d09119c89c5b1afb3b20215705a
SHA3-384 hash: c6298bc56832d51658ba2cd643154eff118fd3cd62fc5e9e67080355f2119531215e8be12a24bd068fd4b31b6ca83199
SHA1 hash: 1f90a17cd0e8c5b33d37c4f1d52e6fb490bbb888
MD5 hash: 6842dfc607a5d22511b0b37025092976
humanhash: blue-mississippi-carolina-carpet
File name: citadel_1.1.5.1.vir
Signature: ZeuS
File size: 224'768 bytes
First seen: 2020-07-19 16:45:04 UTC
Last seen: 2020-07-19 19:10:06 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b7aa61ca8c9740637c0f1c56c8adc752
ssdeep: 6144:awlYUjkueoLLOSxGZZ3MsHWGi+zWLVVbbTQJQoSu:VWUlLLORT27+zW5V/TQJQoSu
TLSH: BF242279D9631BDEDB2C5ABF8B7A5CAA0445F04DE96BE67E1350010CD481FBA244BF40
Reporter: @tildedennis
Tags: Citadel, ZeuS


Twitter
@tildedennis
citadel version 1.1.5.1

Intelligence


File Origin
# of uploads: 3
# of downloads: 18
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour:
- Creating a window
- Unauthorized injection to a recently created process
- Sending a custom TCP request
- Connection attempt to an infection source

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100

Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2012-02-25 22:45:00 UTC
AV detection: 36 of 40 (90.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour:
- UPX packed file

Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments