Overview

overview

8

Static

static

zeus 2_2.0...ir.exe

windows7_x64

8

zeus 2_2.0...ir.exe

windows10_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zeus 2_2.0.9.5.vir

  • Size

    178KB

  • Sample

    200719-346e7y9ttx

  • MD5

    ab2a53cdd738d64f58f878a1d7b39355

  • SHA1

    d9bdddec5dfaa40d07b437843d95f3dbc8f7bd3d

  • SHA256

    41ea373c7a57eb0c9103d7b4edb4cc2a381f80cfff02dfe704f851ae8722853e

  • SHA512

    a8db01348fe18a94dd6edd9d1eeb67af75ffe378243dd9a2ebe15e1bac92d933ef7e6f7550165ec37808f2f9780023fa26041cbfa90832985533082e614e5f6e

Score
8/10
persistence

Malware Config

Targets

    • Target

      zeus 2_2.0.9.5.vir

    • Size

      178KB

    • MD5

      ab2a53cdd738d64f58f878a1d7b39355

    • SHA1

      d9bdddec5dfaa40d07b437843d95f3dbc8f7bd3d

    • SHA256

      41ea373c7a57eb0c9103d7b4edb4cc2a381f80cfff02dfe704f851ae8722853e

    • SHA512

      a8db01348fe18a94dd6edd9d1eeb67af75ffe378243dd9a2ebe15e1bac92d933ef7e6f7550165ec37808f2f9780023fa26041cbfa90832985533082e614e5f6e

    Score
    8/10
    persistence

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks