General
- Target: 10b4489a3ac26cb106896685ce42a04c2b6d977de9f0d250e6a3503d5c30405c
- Size: 184KB
- Sample: 220504-pqmmwadga9
- MD5: 36f682e7bfc3c8fec5942271fefdd875
- SHA1: d70e0fbd210f64763fcd4fcdc2e15742734c1728
- SHA256: 10b4489a3ac26cb106896685ce42a04c2b6d977de9f0d250e6a3503d5c30405c
- SHA512: a4fdfa152703db74e139f482b0c833479007578c50750d992a035ad69e5cd08b4aef8cbe82085d9a6e3f11c886843b333fdf6289fc744315d6d8752eeb2358c5
Static task
static1
Malware Config
Targets
- Target: 10b4489a3ac26cb106896685ce42a04c2b6d977de9f0d250e6a3503d5c30405c
  - Size: 184KB
  - MD5: 36f682e7bfc3c8fec5942271fefdd875
  - SHA1: d70e0fbd210f64763fcd4fcdc2e15742734c1728
  - SHA256: 10b4489a3ac26cb106896685ce42a04c2b6d977de9f0d250e6a3503d5c30405c
  - SHA512: a4fdfa152703db74e139f482b0c833479007578c50750d992a035ad69e5cd08b4aef8cbe82085d9a6e3f11c886843b333fdf6289fc744315d6d8752eeb2358c5
- suricata: ET MALWARE Observed Zingo/GinzoStealer CnC Domain (nominally .ru in TLS SNI)
- Downloads MZ/PE file
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Loads dropped DLL
- Modifies file permissions
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.