zingo | 1384cc588ec40608f603b100e6fe9d1a339fc9453fc4ca46c863cd9863fc7d1b | Triage

Sharing

General

Target

1384cc588ec40608f603b100e6fe9d1a339fc9453fc4ca46c863cd9863fc7d1b
Size

48KB
Sample

220930-we5gwaecd3
MD5

6580d2da65d04dfc0cbef328d205c110
SHA1

6b30683af7576935072e02852efc1f93b5403e7f
SHA256

1384cc588ec40608f603b100e6fe9d1a339fc9453fc4ca46c863cd9863fc7d1b
SHA512

664ea9c5d25d7e2d968d174724ed484364ff3c156ea0b62dda0d0ba3697c6e03de73333485cd9b974df4ae6f4a5741bb0cb1dbd9e9771dfdf8b9d5ac64b60a52
SSDEEP

768:mMVu2yIe2MujWhQNHAFXVje40u+0XJ6n8cOwP0/Cj:LVbOIxyVj00ZX+

Score

10^/10

zingo spyware stealer trojan

Malware Config

Targets

- Target
  
  1384cc588ec40608f603b100e6fe9d1a339fc9453fc4ca46c863cd9863fc7d1b
- Size
  
  48KB
- MD5
  
  6580d2da65d04dfc0cbef328d205c110
- SHA1
  
  6b30683af7576935072e02852efc1f93b5403e7f
- SHA256
  
  1384cc588ec40608f603b100e6fe9d1a339fc9453fc4ca46c863cd9863fc7d1b
- SHA512
  
  664ea9c5d25d7e2d968d174724ed484364ff3c156ea0b62dda0d0ba3697c6e03de73333485cd9b974df4ae6f4a5741bb0cb1dbd9e9771dfdf8b9d5ac64b60a52
- SSDEEP
  
  768:mMVu2yIe2MujWhQNHAFXVje40u+0XJ6n8cOwP0/Cj:LVbOIxyVj00ZX+
Score

10^/10

zingo spyware stealer trojan
- Zingo stealer
  Zingo is an info stealer first seen in March 2022.
  stealer trojan zingo
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zingospywarestealertrojan

behavioral2

zingospywarestealertrojan