General

Target: e0f57576c19411ad3311dc207af97abfc40138cbf014a090da01bd3a2a5463ba
Size: 185KB
Sample: 220504-pqmmwadga8
MD5: c795181ec19574853c944ce0858bdbaa
SHA1: 9644d104cb05a61904c28238c6bdbee56b5acb56
SHA256: e0f57576c19411ad3311dc207af97abfc40138cbf014a090da01bd3a2a5463ba
SHA512: 84f1b604374e7391d29c1df67097f5f14724e9c6b10dca95a65397f51feaa20f0b3420ea6a47c85d85df6a12a048aab0b195899aed2cd73bc1f854c3688f3275

Static task: static1

Malware Config
Targets
- suricata: ET MALWARE Observed Zingo/GinzoStealer CnC Domain (nominally .ru in TLS SNI)
- Downloads MZ/PE file
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.