Overview

overview

7

Static

static

7

Zeus 0.2.exe

windows7-x64

7

Zeus 0.2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    18-03-2023 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Zeus 0.2.exe

  • Size

    18.2MB

  • MD5

    1e97f6146a4c217ec9a28bfaee9fea07

  • SHA1

    6d3c051502dd24e6ff671dea5e973eb08108c3f6

  • SHA256

    72f4ad18fe9b73073d10ea4b8efea0f0f9c148e823388dc7fda4677b28a5dc69

  • SHA512

    4bf7846b8bc33a7444b5db464be85f593432dd8578cedeb332227e4b746ee67160f0dda57dc7c637c79da060cfa2a4a445d296ea6f3c7ad9a7fb851966fc081e

  • SSDEEP

    393216:aGpv+yh9ROf731uB74xoB+yyBhQFMgqS0XvZSVP0Feh1Kc:7vl473C4okPLQCgpIY1yc

Score
7/10
agilenetvmprotect

Malware Config

Signatures

  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Obfuscated with Agile.Net obfuscator 5 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect

Processes

  • C:\Users\Admin\AppData\Local\Temp\Zeus 0.2.exe
    "C:\Users\Admin\AppData\Local\Temp\Zeus 0.2.exe"
    1⤵
      PID:1064

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1064-54-0x0000000000B20000-0x0000000002F26000-memory.dmp
      Filesize

      36.0MB

      Download
    • memory/1064-55-0x000000000B860000-0x000000000C108000-memory.dmp
      Filesize

      8.7MB

      Download
    • memory/1064-56-0x00000000090C0000-0x0000000009100000-memory.dmp
      Filesize

      256KB

      Download
    • memory/1064-58-0x00000000004A0000-0x00000000004C0000-memory.dmp
      Filesize

      128KB

      Download
    • memory/1064-57-0x0000000007ED0000-0x0000000008852000-memory.dmp
      Filesize

      9.5MB

      Download
    • memory/1064-59-0x00000000004C0000-0x00000000004CE000-memory.dmp
      Filesize

      56KB

      Download
    • memory/1064-60-0x0000000000910000-0x000000000092E000-memory.dmp
      Filesize

      120KB

      Download
    • memory/1064-61-0x0000000000940000-0x0000000000954000-memory.dmp
      Filesize

      80KB

      Download
    • memory/1064-62-0x0000000008950000-0x0000000008A92000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/1064-63-0x00000000009C0000-0x00000000009C6000-memory.dmp
      Filesize

      24KB

      Download