MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf813a86d30ddd0c2ca59f73334fffd241bfd31eddfe30dc2e73d5b29ae752d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: cf813a86d30ddd0c2ca59f73334fffd241bfd31eddfe30dc2e73d5b29ae752d1
SHA3-384 hash: b7524efdb388d9cf309b05f05a9df786a6a844e0b36c72dc8cc9cb48f9a55a1dac6b9c8b3a2ccc221f66f36a331a9761
SHA1 hash: ea937edc811b75a2949eb609d95bc53b031e63ed
MD5 hash: df96ba696553268ea03f8bfa555047a4
humanhash: yellow-don-yankee-shade
File name: citadel_1.3.3.1.vir
Signature: ZeuS
File size: 204'288 bytes
First seen: 2020-07-19 17:33:20 UTC
Last seen: 2020-07-19 19:19:54 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b294ebc0d1428227d21c9d57604ad626
ssdeep: 3072:MrzshwevuWUEmMHh6Telg2Js4MoMIj2PHIWfkupIxCjmFaD8w:0zshweWbTPKS2Js4M1hwWMxQjm
TLSH: 0514E02EE6D3F5A1E35804F5FEEA5953956EBC44087CAF860644FED928C3900AEC5393
Reporter: @tildedennis
Tags: Citadel, ZeuS


Twitter
@tildedennis: citadel version 1.3.3.1

Intelligence


File Origin
# of uploads: 2
# of downloads: 21
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour:
Sending a custom TCP request
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2012-12-16 03:55:00 UTC
AV detection: 23 of 25 (92.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments