8ce802db4332aa44b344c03f9a0ade9e67614ced48c31b73b0c66510fd4aa31b | Triage

Sharing

General

Target

zeus 1_1.3.3.0.vir
Size

160KB
Sample

200719-6mgaacxfj6
MD5

cb6e711560e0a64d7bf387e55cf40437
SHA1

43e952c6403f0af82e9862dc4990676c35dd56e0
SHA256

8ce802db4332aa44b344c03f9a0ade9e67614ced48c31b73b0c66510fd4aa31b
SHA512

e3e3d981561c7b26522726c2652426aa813ab44176ac8b1f82064628b8f4c81b9d707d1bbee5f1a0b032c359c9a773791f62d817afe0b25a6d38ac33c6c79b2f

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  zeus 1_1.3.3.0.vir
- Size
  
  160KB
- MD5
  
  cb6e711560e0a64d7bf387e55cf40437
- SHA1
  
  43e952c6403f0af82e9862dc4990676c35dd56e0
- SHA256
  
  8ce802db4332aa44b344c03f9a0ade9e67614ced48c31b73b0c66510fd4aa31b
- SHA512
  
  e3e3d981561c7b26522726c2652426aa813ab44176ac8b1f82064628b8f4c81b9d707d1bbee5f1a0b032c359c9a773791f62d817afe0b25a6d38ac33c6c79b2f
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2