Overview

overview

10

Static

static

8

zeus 1_1.2...ir.exe

windows7_x64

5

zeus 1_1.2...ir.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zeus 1_1.2.0.2.vir

  • Size

    392KB

  • Sample

    200719-eptfctrsa6

  • MD5

    7764d5b184d70e230a06f0cf378becca

  • SHA1

    eef3fef786a73cc0375f92998f201f1f3ab17ff3

  • SHA256

    b796149f2778ac446b458afbf21f6e729d646f0810d010ac5deb6f3620aed860

  • SHA512

    8db8a6fcb65ae2a9d6c30346cef22b167fae2dace54e86982cad504b0aa2b3a8c9b038dc81e3c550dc08586f991cb9214cc3f4a00411b0fa258974d5641721e0

Score
10/10
persistenceupx

Malware Config

Targets

    • Target

      zeus 1_1.2.0.2.vir

    • Size

      392KB

    • MD5

      7764d5b184d70e230a06f0cf378becca

    • SHA1

      eef3fef786a73cc0375f92998f201f1f3ab17ff3

    • SHA256

      b796149f2778ac446b458afbf21f6e729d646f0810d010ac5deb6f3620aed860

    • SHA512

      8db8a6fcb65ae2a9d6c30346cef22b167fae2dace54e86982cad504b0aa2b3a8c9b038dc81e3c550dc08586f991cb9214cc3f4a00411b0fa258974d5641721e0

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks