zingo | fdad86b2ec983b35f5b1970a3635af5a02ae2269e0f5fe1a744d05d7c3105ee6 | Triage

Submit
Reports

Overview

overview

Static

static

8

fdad86b2ec...e6.exe

windows7-x64

fdad86b2ec...e6.exe

windows10-2004-x64

Sharing

General

Target

fdad86b2ec983b35f5b1970a3635af5a02ae2269e0f5fe1a744d05d7c3105ee6
Size

316KB
Sample

220930-wfdesafceq
MD5

60152b2d3c2c54772f11eda222640673
SHA1

9cfdf58876f6bda081e43db0167da624502dc480
SHA256

fdad86b2ec983b35f5b1970a3635af5a02ae2269e0f5fe1a744d05d7c3105ee6
SHA512

e07949ce3d8bc214f32a2e19b1f9208984c13e3bff2e6c9c8d435d86fa7aed0b68ff1d6f9cd7f1e00802ff87cca05d5e346f47b91517091882b2c4fb514f57b1
SSDEEP

6144:BfVx2LwyrmLzvY37qMLq8loLkSQ/Ep6VN4+4b3jXtoH:B29RLF6LeKh6H

Score

10^/10

zingo spyware stealer trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fdad86b2ec983b35f5b1970a3635af5a02ae2269e0f5fe1a744d05d7c3105ee6.exe

Resource

win7-20220901-en

zingo spyware stealer trojan vmprotect

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

fdad86b2ec983b35f5b1970a3635af5a02ae2269e0f5fe1a744d05d7c3105ee6.exe

Resource

win10v2004-20220812-en

zingo spyware stealer trojan vmprotect

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  fdad86b2ec983b35f5b1970a3635af5a02ae2269e0f5fe1a744d05d7c3105ee6
- Size
  
  316KB
- MD5
  
  60152b2d3c2c54772f11eda222640673
- SHA1
  
  9cfdf58876f6bda081e43db0167da624502dc480
- SHA256
  
  fdad86b2ec983b35f5b1970a3635af5a02ae2269e0f5fe1a744d05d7c3105ee6
- SHA512
  
  e07949ce3d8bc214f32a2e19b1f9208984c13e3bff2e6c9c8d435d86fa7aed0b68ff1d6f9cd7f1e00802ff87cca05d5e346f47b91517091882b2c4fb514f57b1
- SSDEEP
  
  6144:BfVx2LwyrmLzvY37qMLq8loLkSQ/Ep6VN4+4b3jXtoH:B29RLF6LeKh6H
Score

10^/10

zingo spyware stealer trojan vmprotect
- Zingo stealer
  Zingo is an info stealer first seen in March 2022.
  stealer trojan zingo
- Downloads MZ/PE file
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zingospywarestealertrojanvmprotect

behavioral2

zingospywarestealertrojanvmprotect

© 2018-2024

Terms | Privacy