Overview

overview

10

Static

static

zeus 1_1.2...ir.exe

windows7_x64

5

zeus 1_1.2...ir.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zeus 1_1.2.4.2.vir

  • Size

    157KB

  • Sample

    200719-zqc3lm53bn

  • MD5

    66213afc42b9176391f5a1abe6787b45

  • SHA1

    49a6245c789982f3e6b425dfd6878dc45f388594

  • SHA256

    5c91e90a547e598c68f6ab7a607149e53872feac28386ffc3bea8d00fd1abed6

  • SHA512

    5ef65355f4338f82952a8d2983abf4b41355400d1e85869090d07af80eed1a7d511d64cec150526c646235a1d05cfbc917f49f6aff690665be35ef5bdf68d801

Score
10/10
persistence

Malware Config

Targets

    • Target

      zeus 1_1.2.4.2.vir

    • Size

      157KB

    • MD5

      66213afc42b9176391f5a1abe6787b45

    • SHA1

      49a6245c789982f3e6b425dfd6878dc45f388594

    • SHA256

      5c91e90a547e598c68f6ab7a607149e53872feac28386ffc3bea8d00fd1abed6

    • SHA512

      5ef65355f4338f82952a8d2983abf4b41355400d1e85869090d07af80eed1a7d511d64cec150526c646235a1d05cfbc917f49f6aff690665be35ef5bdf68d801

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks