Resubmissions

  • 2022-05-01 09:04, sample 220501-k11j9shefq (score 10/10)

  • 2022-05-01 08:46, sample 220501-kps12shdhr (score 8/10)

General

  • Target

    cristalix_updater-1.0.8-setup.exe

  • Size

    79.0MB

  • Sample

    220501-k11j9shefq

  • MD5

    992a47967462b1d3025239af460b42cb

  • SHA1

    b334dc686981f931976ecb4528806742ed9b40aa

  • SHA256

    3a8318628d0faf7f59bce86b16f2314c76baa3b051c347596b0062fff0038a0d

  • SHA512

    b612dff0b16d3f3b0d265f5658d28058baa390b2860a3d6067cfb134cda3e2c6fb12e7fac1bac72d3937b8e2b68cc188e617c0d17e5e8c8eab3b0a23bd262d50

Malware Config

Targets

    • Target

      cristalix_updater-1.0.8-setup.exe


    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader (also tracked as Terdot, DELoader and ZeusSphinx) is a Zeus-derived banking trojan and loader first observed in August 2015.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk.

    • Checks computer location settings

      Reads the country code configured in the registry, likely a geofence check (T1012, T1082).

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Checks installed software on the system

      Enumerates Uninstall key entries in the registry to list the software installed on the host (T1012, T1082).
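The two registry signatures above can be reproduced from a Process Monitor trace. The following Python is an added example, not part of this sandbox report and not Triage's own signature code: it runs over a Procmon CSV export and flags the same two behaviours, then folds them into the T1012/T1082 counts shown further down. The log rows are constructed for this example, and the registry locations it matches (HKCU\Control Panel\International\Geo\Nation for the location check, the CurrentVersion\Uninstall key for installed software) are my assumption of what the signatures look for; the report itself does not name the keys.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed Process Monitor CSV export (File > Save > CSV) for this example.
# These rows are made up to illustrate the two signatures; they are not from
# the sandbox run on this page. Column order is Procmon's default.
SAMPLE_PROCMON_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"09:04:11.1234567","cristalix_updater-1.0.8-setup.exe","4120","RegQueryValue","HKCU\\Control Panel\\International\\Geo\\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 203"
"09:04:11.1301234","cristalix_updater-1.0.8-setup.exe","4120","RegOpenKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS","Desired Access: Enumerate Sub Keys"
"09:04:11.1302345","cristalix_updater-1.0.8-setup.exe","4120","RegEnumKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"09:04:11.1303456","cristalix_updater-1.0.8-setup.exe","4120","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName","SUCCESS","Type: REG_SZ, Length: 12, Data: 7-Zip"
"09:04:12.0000000","explorer.exe","1234","RegQueryValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"09:04:12.5000000","svchost.exe","900","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\KB5000001\\DisplayName","SUCCESS","Type: REG_SZ, Length: 20, Data: Security Update"
"""

# Procmon operations that read (rather than write) the registry.
REGISTRY_READ_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}

# Assumed registry locations behind the two report signatures. The report does
# not name the keys; these are the standard Windows locations for the GeoID
# (HKCU\Control Panel\International\Geo\Nation, Geo\Name on newer builds) and
# for installed-software metadata (the CurrentVersion\Uninstall key; its
# WOW6432Node mirror contains the same suffix and is matched as well).
RULES = (
    ("Checks computer location settings", ("T1012", "T1082"),
     re.compile(r"\\International\\Geo\\(Nation|Name)$", re.IGNORECASE)),
    ("Checks installed software on the system", ("T1012", "T1082"),
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)),
)


def triage_registry_events(procmon_csv, process_filter=None):
    """Return {process name: {signature name: [matching registry paths]}}.

    Only registry read operations are considered. process_filter, when given,
    restricts matching to that image name (compared case-insensitively), which
    is how you scope the check to the sample rather than to every process
    on the box.
    """
    hits = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        if row["Operation"] not in REGISTRY_READ_OPS:
            continue
        if process_filter and row["Process Name"].lower() != process_filter.lower():
            continue
        for signature, _techniques, pattern in RULES:
            if pattern.search(row["Path"]):
                hits[row["Process Name"]][signature].append(row["Path"])
    return {proc: dict(sigs) for proc, sigs in hits.items()}


def attack_summary(hits):
    """Collapse signature hits into {technique ID: sorted signature names}.

    Both signatures read the registry to learn about the host, so each counts
    under Query Registry (T1012) and System Information Discovery (T1082);
    with both firing, each technique lists 2 matching signatures, which is
    the Discovery column of the report.
    """
    technique_map = {signature: techniques for signature, techniques, _ in RULES}
    by_technique = defaultdict(set)
    for sigs in hits.values():
        for signature in sigs:
            for technique in technique_map[signature]:
                by_technique[technique].add(signature)
    return {technique: sorted(names) for technique, names in sorted(by_technique.items())}


if __name__ == "__main__":
    sample = "cristalix_updater-1.0.8-setup.exe"
    scoped = triage_registry_events(SAMPLE_PROCMON_CSV, process_filter=sample)
    for signature, paths in scoped.get(sample, {}).items():
        print(f"{signature}: {len(paths)} registry read(s)")
    print(attack_summary(scoped))
```

The constructed svchost.exe row shows why the process filter matters: Windows components read the Uninstall key all the time, so an unscoped run attributes the signature to them as well. Both behaviours are also routine for a legitimate installer, which is why they explain the Discovery row of the matrix but do not by themselves justify the family tag; the family match comes from separate signatures.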

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic      Technique                      ID      Matching signatures
  Discovery   Query Registry                 T1012   2
  Discovery   System Information Discovery   T1082   2

Tasks