Overview

overview

8

Static

static

zeus 2_2.0...ir.exe

windows7_x64

8

zeus 2_2.0...ir.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zeus 2_2.0.3.1.vir

  • Size

    149KB

  • Sample

    200719-whxssm2fe6

  • MD5

    a4fad2f8844d008eea0519128c5145e4

  • SHA1

    752fbb7202fde75f4210710db567bbd337f80d93

  • SHA256

    ae68aa53a27732eb0803f205fee19d3ca3e8bce7c0ac03d3fb30ab89a46626de

  • SHA512

    86122cff5375ed64dbc9319a94698f9029a96e4379cd37742556da05f9d4a71eeefe52383cbe978af3d6e1a60e65352d85d14c2844bd4eee6d8af6f959f0a99d

Score
8/10
persistence

Malware Config

Targets

    • Target

      zeus 2_2.0.3.1.vir

    • Size

      149KB

    • MD5

      a4fad2f8844d008eea0519128c5145e4

    • SHA1

      752fbb7202fde75f4210710db567bbd337f80d93

    • SHA256

      ae68aa53a27732eb0803f205fee19d3ca3e8bce7c0ac03d3fb30ab89a46626de

    • SHA512

      86122cff5375ed64dbc9319a94698f9029a96e4379cd37742556da05f9d4a71eeefe52383cbe978af3d6e1a60e65352d85d14c2844bd4eee6d8af6f959f0a99d

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks