General
- Target: Zen_External.exe
- Size: 23.9MB
- Sample: 230205-dq42dabd21
- MD5: c0606e745e723e2aaa2bd168cfeac3b5
- SHA1: df1b9796d8d4013cba69e6d10593f338ff28286d
- SHA256: 0435e0bd402528439a7b56f56865c7334760c1773eef02f04468886a03255d01
- SHA512: b4a296501b1e139b81522d759f61c3069399ae5589354f4f4a4da74e0b156ffee098811716119e5c32c7ea38d74ffe56156b288977fed2812ba7d1b0d2595a02
- SSDEEP: 393216:ru7L/quMEB9ThInEroXM8SO9g6uXureMrDzOVxzIy5cmcaglj14S2HKn8DlCIx2o:rCLS0B9TSErUGOHzeMKVxzx5cmcbleHS

Behavioral task
- behavioral1
- Sample: Zen_External.exe
- Resource: win7-20221111-en

Malware Config

Targets
- Target: Zen_External.exe
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.