ZoomInfoContactContributor.exe

General

Target: ZoomInfoContactContributor.exe
Size: 259KB
Sample: 201119-egd25376vj
Score: 8/10
MD5: 0b5719e9fd40b85d4d95e475e9431cd0
SHA1: 132151d26e61d2fda4e4b31eb376a41ea0d56e6d
SHA256: 2aa9f15810e2c55dbc8522e386d76d1a8fb3a63a712b33e17bd2139a7b45c76b
SHA512: ed17497df8e53eb9a49ff3d6ed5bf8d84f17a045947a4b474204a8bf06254f8a801be1243599e526123ccc5e88af389f718021409567ac86ed28d988afd3d1cf

Targets

Target: ZoomInfoContactContributor.exe
MD5: 0b5719e9fd40b85d4d95e475e9431cd0
Filesize: 259KB
Score: 7/10
SHA1: 132151d26e61d2fda4e4b31eb376a41ea0d56e6d
SHA256: 2aa9f15810e2c55dbc8522e386d76d1a8fb3a63a712b33e17bd2139a7b45c76b
SHA512: ed17497df8e53eb9a49ff3d6ed5bf8d84f17a045947a4b474204a8bf06254f8a801be1243599e526123ccc5e88af389f718021409567ac86ed28d988afd3d1cf

Signatures

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials.

    TTPs: Data from Local System, Credentials in Files

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder, Modify Registry

  • Checks installed software on the system

    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs: Query Registry

  • Checks computer location settings

    Description: Looks up the country code configured in the registry, likely for geofencing.

    TTPs: Query Registry, System Information Discovery

MITRE ATT&CK Matrix
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation

Tasks

static1: 1/10
behavioral2: 7/10