General

  • Target

    Ziproar.exe.7z

  • Size

    1.0MB

  • Sample

    221123-z3dkvahe2t

  • MD5

    176298c19fb99298e0e2eb0f96f7a1b4

  • SHA1

    f8d34aa47a7a552a0877486cbbd9faa03843cdc1

  • SHA256

    c3ca6ff83b2c833c430b8a13bc767df391de562031b38db0f01ee2cad6a158e9

  • SHA512

    0462b923792ac9c01a26b3600443aca67176c6dc9552392abf20e248f4a2a6c60d96a22e8b9fc574fb4a44413167a84eaeb9714fa8051918870789ac02985428

  • SSDEEP

    24576:TqpE73SeyLBDkNqs7dfBxhDh1fOMwXq3oXivoySzEnXpd8TtB5vNPH:TqpQSNLBgNqsnh1XwXIoXjySgL8v5vN/

Malware Config

Targets

    • Target

      Ziproar.exe

    • Size

      1.2MB

    • MD5

      2ec2320d4eed30db02d36b9dacfb44e9

    • SHA1

      018d7d4a124aa6e8a17586d4610608bc4e84533c

    • SHA256

      5bcd2e971509198523001843ba1f8d7e5cd1aebcf2e347acc58a21fbb8307aee

    • SHA512

      8a834cee216dfba2635cd0b9e0c5a9cadcfd100e7427651416c8fb65bdeb01c23a63fe3abb4306bebeee7f54327de9aa4da85418761b710d6d549919dd23c10d

    • SSDEEP

      24576:cLlgAi31nyHQLAgcDyOTG64fvVxSWsdezc0SEI:cy3nyHQLAgcRV4fHfhkEI

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                            Count   ID
  Persistence        Registry Run Keys / Startup Folder   1       T1060
  Defense Evasion    Modify Registry                      2       T1112
  Defense Evasion    Install Root Certificate             1       T1130
  Discovery          Query Registry                       3       T1012
  Discovery          System Information Discovery         3       T1082

Tasks