Overview

overview

8

Static

static

zeus 2_2.1...ir.exe

windows7_x64

8

zeus 2_2.1...ir.exe

windows10_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zeus 2_2.1.0.2.vir

  • Size

    220KB

  • Sample

    200719-qetmbv4pmj

  • MD5

    233191fe9b7daea48764f00e9e2e55b5

  • SHA1

    35395eb855503662708286251db2dcfde324cc9e

  • SHA256

    857dcf87ce9465da45451d75d0c780115b543b004992117e48c9d9498ddee64a

  • SHA512

    82af57478e5a32fac703c581ae1c32b74067f75e6b06624fe727aba73833c88e57deb44725709077df5d8d8af767111a97d11057169951fa053b78700645c1ab

Score
8/10
persistence

Malware Config

Targets

    • Target

      zeus 2_2.1.0.2.vir

    • Size

      220KB

    • MD5

      233191fe9b7daea48764f00e9e2e55b5

    • SHA1

      35395eb855503662708286251db2dcfde324cc9e

    • SHA256

      857dcf87ce9465da45451d75d0c780115b543b004992117e48c9d9498ddee64a

    • SHA512

      82af57478e5a32fac703c581ae1c32b74067f75e6b06624fe727aba73833c88e57deb44725709077df5d8d8af767111a97d11057169951fa053b78700645c1ab

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks