MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff92eb5433354ad51ba6c586ed91e8b69f32271b0d523352c87f8ae4d075151b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff92eb5433354ad51ba6c586ed91e8b69f32271b0d523352c87f8ae4d075151b
SHA3-384 hash: 664a14d1913e21d6d6bb2d2887885984b3e36f0067626ba657c55b261ca0e032c45cdf966a9b3b2149a3484f510c8045
SHA1 hash: e89098c215538c7afa1f550fc0d73264be1900ab
MD5 hash: 8dea3337a2681be366086df2563375ec
humanhash: football-tennis-pip-king
File name:citadel_1.3.4.5.vir
Download: download sample
Signature ZeuS
Create hunting rule
File size:296'010 bytes
First seen:2020-07-19 16:34:02 UTC
Last seen:2020-07-19 19:09:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 66b98adf67d24899d05fa978905c7b49 (1 x ZeuS)
ssdeep 6144:b7NyWYNRiCTabV+53LZE0C9Rvx21hFfHqH56UkIkF40shSE:b7NyWYNRi+ax+52P9R52lHqZ6z/CSE
Threatray 114 similar samples on MalwareBazaar
TLSH 7154021D9C8B9437E9480834D799A9C22FFD4C333AF726EFD704580F09F69A9A8519B4
Reporter tildedennis
Tags:Citadel ZeuS


Avatar
tildedennis
citadel version 1.3.4.5

Intelligence

File Origin
# of uploads :
4
# of downloads :
120
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Zeus
Create hunting rule
Link:
https://www.capesandbox.com/analysis/27849/
Detection(s):
Win.Trojan.Gamarue-6964332-0
Create hunting rule

Win.Trojan.Graftor-5138
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Detection:
citadel
Create hunting rule
Link:
https://mwdb.cert.pl/sample/ff92eb5433354ad51ba6c586ed91e8b69f32271b0d523352c87f8ae4d075151b/
Threat name:
Win32.Hacktool.CeeInject
Create hunting rule
Status:
Suspicious
First seen:
2014-11-15 08:34:39 UTC
AV detection:
40 of 48 (83.33%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
118185aed4dd97bbf3fe28bebb075a67ca7dbf75dee24efa999e170ee13d0396
ZeuS
1ec347934db2ded3a012479882732bfb3cdc85b0d4b2911e3402c1fa693a2235
ZeuS
371b9214f60a70c81ec1756d284e8028ff7603498341ecb7fa5cc09f3b10043e
ZeuS
4544ada7458cad0c5a467b9bff1ac1a25f959e35c41a04298738195f93d7899a
ZeuS
51bc210eb085de493839d64fb12c5dddfeb856a8f590587222e42dd6f6118bc1
ZeuS
ae0d3dbeab58e9b9b68ab6087eb5b30ace6f8892af4a85034f77ae3592271e42
ZeuS
b7f6102de87c99e03f47ea0b642f265cdf584316ac3e02733d42c3b17603a22c
ZeuS
cf813a86d30ddd0c2ca59f73334fffd241bfd31eddfe30dc2e73d5b29ae752d1
ZeuS
d83e3f5b248bc0b1676bb081cd50e8df0dd600f4b9253465aa6ed63f263cfd19
ZeuS
fcce249643f7fe240695fdbc393b54a543fa4a49942b56ad8aad6f219c4f896d
ZeuS
+ 104 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/200719-bstmhk3r2a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Adds Run key to start application
Enumerates connected drives
Enumerates connected drives
Deletes itself
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ff92eb5433354ad51ba6c586ed91e8b69f32271b0d523352c87f8ae4d075151b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/citadel/
Cape
Cape
https://www.capesandbox.com/analysis/27849/

Comments