General

  • Target: update.7z
  • Size: 5.3MB
  • Sample: 220507-gmh7aacaf4
  • MD5: 79695e161967335b12798c150aee3405
  • SHA1: 86a028b2ac7675a803358876aaae5f8c1a4facca
  • SHA256: eabde0185b4ff5b906aee5d9e6fd96cdbfa49ba747b240d4785ee680eb4d0a3d
  • SHA512: c64a9df20a69f3bed8f7f23763f988581eb9abde8818e50154ceb5d6980a36642a280388ce0cdfc18027aa4c97278c4e0dcc5dd29c861be0a32b96e659e62bd5

Malware Config

Targets

    • Target: update.exe
    • Size: 5.5MB
    • MD5: 0c102c54f0ad17c2cdd9c89c5c3f3cf7
    • SHA1: 844fab5d39fc17eef2f7a1dc3be91ead3150c857
    • SHA256: eece013ca6b8ce18ad9dfafa95689aa683586aa812d911457e97b0cff6db5113
    • SHA512: 62a9d1338bce7a83e4e4258920b7a35d3263e7a2e356824d12c0b3b9ebd124d7e0a58bc7fb516a3733c668d7d25b39c2814ed7e0c810b4fac30ac08e53f5a675

    • Zebrocy

      Zebrocy is a backdoor created by the Sofacy threat group; it has multiple variants developed in different languages.

    • Zebrocy Go Variant

    • Modifies extensions of user files

      Ransomware generally changes the extension on the files it encrypts.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks