General

  • Target

    0082b8b2b7ac562db544fd81b26229fd2a6a6c04a9c86123cbd89a285eeb2594

  • Size

    433KB

  • Sample

    220129-zeat2shahr

  • MD5

    1ff517fb0f45cf09acdad03cd5a2fa63

  • SHA1

    0588ee87b824e734cfdb2af29143aa19ce83869f

  • SHA256

    0082b8b2b7ac562db544fd81b26229fd2a6a6c04a9c86123cbd89a285eeb2594

  • SHA512

    e4385402843cc6d0990b103692a351f4e8cb3c30a5dd228ba39be0388f065ce1e2e130fd6edb772a32a237e835f0458e645ce78c0645ce13e3d485c9a2f635fa

Malware Config

Targets

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                            #   ID
  ---------------  -----------------------------------  --  -----
  Persistence      Registry Run Keys / Startup Folder   1   T1060
  Defense Evasion  Modify Registry                      3   T1112
  Defense Evasion  Install Root Certificate             1   T1130
  Discovery        System Information Discovery         2   T1082
  Discovery        Query Registry                       1   T1012
  Discovery        Remote System Discovery              1   T1018

Tasks