General

  • Target

    zeusvm_test002.exe

  • Size

    1.4MB

  • Sample

    210713-v3nnvrwwva

  • MD5

    05dfc8f126418c77521ff45f607257af

  • SHA1

    a784ca3c97a83532cf2a2d497365fa8e7fe353cf

  • SHA256

    1aab662435a6a2aeadf54ab5c31dbc6560dd4c9332769ed968e3ccf77ae8da68

  • SHA512

    1b2d930388c86edc62d7a3614779ed9e04ad1ed0382619f70e470cc1b9faf3a7248c17d6675620c1ba5a9d802d41b533db65435abfda6a567a9b5745fa9288e6

Targets

    • Target

      zeusvm_test002.exe

    • Luminosity

      Luminosity is a RAT family that was sold commercially while claiming to be a system administration utility.

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    1 × Scheduled Task (T1053)

  • Persistence

    1 × Registry Run Keys / Startup Folder (T1060)
    1 × Scheduled Task (T1053)

  • Privilege Escalation

    1 × Scheduled Task (T1053)

  • Defense Evasion

    2 × Modify Registry (T1112)
    1 × Install Root Certificate (T1130)

  • Credential Access

    2 × Credentials in Files (T1081)

  • Discovery

    1 × Query Registry (T1012)
    1 × System Information Discovery (T1082)

  • Collection

    2 × Data from Local System (T1005)