523580b16e141809cb5c874e3436d5545e46d364d9d2d67cfc2758fe6a4f92a3 | Triage

Sharing

General

Target

523580b16e141809cb5c874e3436d5545e46d364d9d2d67cfc2758fe6a4f92a3
Size

208KB
Sample

220717-ea935afefj
MD5

41c860f6170bfec4e64452470328df07
SHA1

650ae39c8a280e864899b6ca9a0e155bf450ded2
SHA256

523580b16e141809cb5c874e3436d5545e46d364d9d2d67cfc2758fe6a4f92a3
SHA512

0cf116be3e1f5c73f7d820a47cdee3bcf8ed3fe30b19334cd9dbf469f442304d48b6b325fc054dee1fbd64e97c623dff7c59b6b9b7d93c0010a07f7881b25fa5

Score

10^/10

persistence suricata

Malware Config

Targets

- Target
  
  523580b16e141809cb5c874e3436d5545e46d364d9d2d67cfc2758fe6a4f92a3
- Size
  
  208KB
- MD5
  
  41c860f6170bfec4e64452470328df07
- SHA1
  
  650ae39c8a280e864899b6ca9a0e155bf450ded2
- SHA256
  
  523580b16e141809cb5c874e3436d5545e46d364d9d2d67cfc2758fe6a4f92a3
- SHA512
  
  0cf116be3e1f5c73f7d820a47cdee3bcf8ed3fe30b19334cd9dbf469f442304d48b6b325fc054dee1fbd64e97c623dff7c59b6b9b7d93c0010a07f7881b25fa5
Score

10^/10

persistence suricata
- suricata: ET MALWARE Zbot Generic URI/Header Struct .bin
  suricata: ET MALWARE Zbot Generic URI/Header Struct .bin
  suricata
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencesuricata

behavioral2