General

  • Target

    zeus 1_1.3.3.8.vir

  • Size

    155KB

  • Sample

    200719-wepr1t9zhj

  • MD5

    fa7fb823b3b039c7de840b6d12bd4ef1

  • SHA1

    f0917fbc1aa60cceeba06947772b377c6d24a165

  • SHA256

    7b0d97cee51c0663b83dfafc0ee2f063863da7c8aa2345022b02dd09da2db6e6

  • SHA512

    554769d812f2065a038900e476c5d6ddcbd21dd6dae6c30e8044fba55fc42a442e715dc9b53f9a8f5cb7b81eec877dbe13eab929846c1395c396ccb87bd45bf7

Score
10/10

Targets

    • Target

      zeus 1_1.3.3.8.vir

    • Modifies WinLogon for persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Winlogon Helper DLL (T1004): 1

  • Defense Evasion

    Modify Registry (T1112): 1
