General

  • Target: zeus 2_2.1.0.3.vir
  • Size: 199KB
  • Sample: 200719-14ly3dznas
  • MD5: dc6b98b9707c0922ab6a53b3efdd5dac
  • SHA1: a72e76fbd5dfa53b3d27ed9d9e6d194a085d7d0e
  • SHA256: f55d6bd5f13356eda64fae070a5eee1a080f06a0aa69bdd7e137496d88346be3
  • SHA512: 04b730c73876fc89eb465ebc069ad1e1bdbfbf5d1654a4bb49457d87ec290dd1832a571dea47adabea0d3f3c0461f8ce70d10fe2e4a82cbb698fed254c5d269b

Score
9/10

Malware Config

Targets

    • Grants admin privileges: uses net.exe to modify the user's privileges.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Modifies WinLogon

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • T1098 Account Manipulation (1)
  • T1060 Registry Run Keys / Startup Folder (1)
  • T1004 Winlogon Helper DLL (1)

Defense Evasion

  • T1112 Modify Registry (3)

Discovery

  • T1018 Remote System Discovery (1)

Tasks