Resubmissions

  • 30-09-2022 19:08 220930-xtjpdsedh3 10

  • 22-09-2022 12:24 220922-pk6hssbec4 7

General

  • Target

    241876c671f56d4e0ccf4333735882567ca8dbf73c893bb8ba971d8aaf144407.bin

  • Size

    170KB

  • Sample

    220922-pk6hssbec4

  • MD5

    ffbe42e28872589bf30ee47453cf7317

  • SHA1

    a635d9935407edc15fb3c8009a9b0c79eac30349

  • SHA256

    241876c671f56d4e0ccf4333735882567ca8dbf73c893bb8ba971d8aaf144407

  • SHA512

    1ee2b2613c9ac09ac14f2baeadd726b365d6e3dd678102f3c37057ccd0aadba52417e1a95f2ad1adf5dd15cc613ddfe84b4b2a61fca24113fe96d053bfa9094a

  • SSDEEP

    3072:8t65yT29uuZxb6jJqLK/B39FCITOYfc/PmDfMZUzZciGabJ:8+79umbFO/FCITOYfc/PmDfMZUzZciGw

Malware Config

Targets

    • Zingo stealer

      Zingo is an info stealer first seen in March 2022.

    • Zingo stealer payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation

Tasks