Overview

overview

10

Static

static

zeus 1_1.3...ir.exe

windows7_x64

10

zeus 1_1.3...ir.exe

windows10_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zeus 1_1.3.2.1.vir

  • Size

    116KB

  • Sample

    200719-sjn4yax2ke

  • MD5

    6c2d8d645f55e92eff8e1e2d8a065bff

  • SHA1

    929a5ebdcf4c00d8365f5b7da01e5d3192f382c5

  • SHA256

    66114ad746cfa51414a75a808c7dcde250c15fbd63289c589449658068a73418

  • SHA512

    88615fe49e2399477b0ce5dea48642ce6870582dfe9a35ebf8a4ea93ddf3a7259503ab35c92b42a6f7616e8a08a18f49829f49e12b490bbb9935fe95dcf6e767

Score
10/10
persistence

Malware Config

Targets

    • Target

      zeus 1_1.3.2.1.vir

    • Size

      116KB

    • MD5

      6c2d8d645f55e92eff8e1e2d8a065bff

    • SHA1

      929a5ebdcf4c00d8365f5b7da01e5d3192f382c5

    • SHA256

      66114ad746cfa51414a75a808c7dcde250c15fbd63289c589449658068a73418

    • SHA512

      88615fe49e2399477b0ce5dea48642ce6870582dfe9a35ebf8a4ea93ddf3a7259503ab35c92b42a6f7616e8a08a18f49829f49e12b490bbb9935fe95dcf6e767

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks