Overview

overview

8

Static

static

zeus 2_2.0...ir.exe

windows7_x64

8

zeus 2_2.0...ir.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zeus 2_2.0.4.0.vir

  • Size

    197KB

  • Sample

    200719-696xlv4cbn

  • MD5

    16374c7a87c60d8c0faefcc168785af6

  • SHA1

    d37159f02d5c6ab273edb92eb159f05d286c9d0a

  • SHA256

    55412a1f909695ad8ec22a5302142a4c9194bd4c2de98672d41953b620bc2e27

  • SHA512

    e4c7947bb2ef5c5647561f8bd07d233ddf2a4263b4fa9a0a077b9c750bb0f9019b21dadd429d6734993e35b4290d04542192273a49c815279c11b069714274e5

Score
8/10
persistence

Malware Config

Targets

    • Target

      zeus 2_2.0.4.0.vir

    • Size

      197KB

    • MD5

      16374c7a87c60d8c0faefcc168785af6

    • SHA1

      d37159f02d5c6ab273edb92eb159f05d286c9d0a

    • SHA256

      55412a1f909695ad8ec22a5302142a4c9194bd4c2de98672d41953b620bc2e27

    • SHA512

      e4c7947bb2ef5c5647561f8bd07d233ddf2a4263b4fa9a0a077b9c750bb0f9019b21dadd429d6734993e35b4290d04542192273a49c815279c11b069714274e5

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks