ZoomInfoContactContributor.exe

Target

Size

259KB

Sample

201119-1e1ky8mt2j

Score

8 ^/10

MD5

0b5719e9fd40b85d4d95e475e9431cd0

SHA1

132151d26e61d2fda4e4b31eb376a41ea0d56e6d

SHA256

2aa9f15810e2c55dbc8522e386d76d1a8fb3a63a712b33e17bd2139a7b45c76b

SHA512

ed17497df8e53eb9a49ff3d6ed5bf8d84f17a045947a4b474204a8bf06254f8a801be1243599e526123ccc5e88af389f718021409567ac86ed28d988afd3d1cf

Target

ZoomInfoContactContributor.exe

MD5

0b5719e9fd40b85d4d95e475e9431cd0

Filesize

259KB

Score

7 ^/10

SHA1

132151d26e61d2fda4e4b31eb376a41ea0d56e6d

SHA256

2aa9f15810e2c55dbc8522e386d76d1a8fb3a63a712b33e17bd2139a7b45c76b

SHA512

ed17497df8e53eb9a49ff3d6ed5bf8d84f17a045947a4b474204a8bf06254f8a801be1243599e526123ccc5e88af389f718021409567ac86ed28d988afd3d1cf

Signatures

Executes dropped EXE
Loads dropped DLL
Adds Run key to start application

Tags

persistence

TTPs

Registry Run Keys / Startup Folder Modify Registry
Checks installed software on the system

Description

Looks up Uninstall key entries in the registry to enumerate software on the system.

Tags

discovery

TTPs

Query Registry
Checks computer location settings

Description

Looks up country code configured in the registry, likely geofence.

TTPs

Query Registry System Information Discovery

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

1^/10

behavioral1

discovery persistence pyinstaller

8^/10

behavioral2

7^/10

Tags

Signatures

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Tags

TTPs

Checks installed software on the system

Description

Tags

TTPs

Checks computer location settings

Description

TTPs

Related Tasks

static1

behavioral1

behavioral2