MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d29b6d3a43795f840214bdc2e46255566c9840e8aa16cce8704b8eaf34cfba83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence File information Yara Comments

SHA256 hash:	d29b6d3a43795f840214bdc2e46255566c9840e8aa16cce8704b8eaf34cfba83
SHA3-384 hash:	2c3a6ed40127f81b9df8088edfe7565b2d44d0dbd8a09237b0920c2720c9e2db39515f9865f7ca66d8ceec18707b4763
SHA1 hash:	8a4757afbef49a27272961dca870d69780b2abee
MD5 hash:	ebcc956a463733ff3b8b7f3e10c7bf4a
humanhash:	zulu-vermont-shade-table
File name:	citadel_1.3.3.5.vir
Download:	download sample
Signature	ZeuS
File size:	218'112 bytes
First seen:	2020-07-19 19:24:55 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	2bc9137ee5c90c3bee2368684ec58e92
ssdeep	3072:/6O/nRYH8OuNPfjqZg+6zneWDpX32RqQeBNW4kYQJDBoWD9Utqi:vXOuNPOZgrzeWF2UQebW+QJDBLOtX
TLSH	9A24016238BAFE22D2E679B1A21059C96FD4A5C00FE5DE0438449E3DF581D036ABD763
Reporter	@tildedennis
Tags:	Citadel ZeuS

@tildedennis

citadel version 1.3.3.5

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Mail intelligence

No data

Vendor Threat Intelligence

Detection:

Zeus

Link:

https://www.capesandbox.com/analysis/28161/

Detection(s):

Win.Trojan.Zbot-34258

Result

Verdict:

Malware

Maliciousness:

Behaviour

Unauthorized injection to a recently created process

Connection attempt to an infection source

Result

Threat name:

ZeusVM

Detection:

malicious

Classification:

bank.troj.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/390197

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d29b6d3a43795f840214bdc2e46255566c9840e8aa16cce8704b8eaf34cfba83/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2012-05-30 07:01:00 UTC

AV detection:

33 of 40 (82.50%)

Threat level

5/5

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200719-wza3f95w26/

Behaviour

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetThreadContext

Checks installed software on the system

Adds Run key to start application

Deletes itself

Loads dropped DLL

Executes dropped EXE

AV coverage:

85.71%

AV detections:

60 / 70

Link:

https://www.virustotal.com/gui/file/d29b6d3a43795f840214bdc2e46255566c9840e8aa16cce8704b8eaf34cfba83/detection/f-d29b6d3a43795f840214bdc2e46255566c9840e8aa16cce8704b8eaf34cfba83-1578639818

Threat name:

Unknown

Score:

1.00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/citadel/

Cape

https://www.capesandbox.com/analysis/28161/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample