Overview

overview

10

Static

static

zeus 1_1.4...ir.exe

windows7_x64

10

zeus 1_1.4...ir.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zeus 1_1.4.3.0.vir

  • Size

    1015KB

  • Sample

    200719-6m9hqk272s

  • MD5

    0b758c40a26b8b3d1104838f5cf1b57f

  • SHA1

    1dc9c0eff55fd416f81ee9f97df2c54960024776

  • SHA256

    89e35356978b8320736b890db74c9f70f4ab89dc7343bbdfb9cd80530dd4df32

  • SHA512

    746713ce93cea1c228b3157004f3d653906e2130d3b2edeba62313c00f52c0f6da25a554ef59b80c83c942e3b72d31e55fd551378b7f6decf747f08e676d27ea

Score
10/10
persistence

Malware Config

Targets

    • Target

      zeus 1_1.4.3.0.vir

    • Size

      1015KB

    • MD5

      0b758c40a26b8b3d1104838f5cf1b57f

    • SHA1

      1dc9c0eff55fd416f81ee9f97df2c54960024776

    • SHA256

      89e35356978b8320736b890db74c9f70f4ab89dc7343bbdfb9cd80530dd4df32

    • SHA512

      746713ce93cea1c228b3157004f3d653906e2130d3b2edeba62313c00f52c0f6da25a554ef59b80c83c942e3b72d31e55fd551378b7f6decf747f08e676d27ea

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks