General
Target: 3924b012439ef8ce1946af7e7f8396ecb97e4c564cffa6d18b9cfccd5645c311
Size: 251KB
Sample: 220628-tnmmbacde3
MD5: 3b522c3e3fc6cf29a2c8c65a80f14a08
SHA1: 91d0554ae2d347a98a695b4ee9aea4061794bb38
SHA256: 3924b012439ef8ce1946af7e7f8396ecb97e4c564cffa6d18b9cfccd5645c311
SHA512: a1dba2dd77ae3637b0809aece3ffb8827e21498d3127b56d6390ced34444ccf10c56a2741b4c52cf53efa5ab0dcdcfc52e68561322dab74d975e9e15b6d545aa
Static task: static1
Behavioral task: behavioral1
Sample: 3924b012439ef8ce1946af7e7f8396ecb97e4c564cffa6d18b9cfccd5645c311.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 3924b012439ef8ce1946af7e7f8396ecb97e4c564cffa6d18b9cfccd5645c311.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Score: 10/10
suricata: ET MALWARE Self-Signed Cert Observed in Various Zbot Strains
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Deletes itself
Loads dropped DLL
Sets desktop wallpaper using registry
Suspicious use of SetThreadContext