Overview

overview

7

Static

static

1

7FAR - ZMo...42.dll

windows10-2004-x64

3

7FAR - ZMo...42.dll

windows10-2004-x64

3

7FAR - ZMo...r3.exe

windows10-2004-x64

7

7FAR - ZMo...00.dll

windows10-2004-x64

1

7FAR - ZMo...00.dll

windows10-2004-x64

3

7FAR - ZMo...00.dll

windows10-2004-x64

3

7FAR - ZMo...1).dll

windows10-2004-x64

1

7FAR - ZMo...ex.dll

windows10-2004-x64

1

7FAR - ZMo...1).dll

windows10-2004-x64

1

7FAR - ZMo...1).dll

windows10-2004-x64

1

7FAR - ZMo...A5.dll

windows10-2004-x64

1

7FAR - ZMo...ib.dll

windows10-2004-x64

1

7FAR - ZMo...1).exe

windows10-2004-x64

1

7FAR - ZMo...ol.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7FAR_-_ZModeler_3.1.2_build_1123.zip

  • Size

    15.2MB

  • Sample

    230419-nk4tjaca3t

  • MD5

    e0bba264a1e130ac410686e8fa6e0cc9

  • SHA1

    0f391de14b820de1db2074137746a6aa92623505

  • SHA256

    f3dfbacb9f780941ad25c4e5cfe7bd87e5593b5e6a6f83b3ba81eeca14721914

  • SHA512

    9b30a3db9a15cd8cf7be5a765f8a335dc8d6c0d73d0ed4ec287ba2137272eec4baafca2d30fbc09caa4e61d186ac495cacaac29ea0a1980e0dc76a4199f9d1f6

  • SSDEEP

    196608:5Y0YECwubNhwO2D7KkrY95J/Wh2E7Ke43qCNhe31cFh+HV8mdspwmREsdvQn:51nWjzW7ty5JOwEOx3/NkCiV8m+pwPn

Score
7/10

Malware Config

Targets

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/D3DCompiler_42.dll

    • Size

      1.9MB

    • MD5

      b33b21db610116262d906305ce65c354

    • SHA1

      38eef8d8917351ee9bdff2cc4fbfaefaa16b8231

    • SHA256

      6c976311406c23aa71018d274da0ecdef43b6e3a3b0b01e941a5e8e4e974386c

    • SHA512

      7049726ccbba90d06b3a56e1dbde8196935d4681b5548248cd3e6a8e38183c268152ba2b07eb90823bbe327c02ec946c59abe3562b59e29d9bcff8fe90e0adcc

    • SSDEEP

      24576:JvjFvnqUUI6tHi2E0HvSiMKR4lKNZtPUJplNNbvnnVb4T9zSAUtcLt/oW1XfY6RO:nvFD2E0H6iMFyFUJNNDnVbk9zRUtA/Nq

    Score
    3/10
    behavioral1

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/D3DX9_42.dll

    • Size

      1.8MB

    • MD5

      c6a44fc3cf2f5801561804272217b14d

    • SHA1

      a173e7007e0f522d47eb97068df0ca43563b22bc

    • SHA256

      f8b9cfab7fffbc8f98e41aa439d72921dc180634a1febca2a9d41a0df35d3472

    • SHA512

      2371844bc86cdce2d1933625b921b982c4d1b84a39698b51180b09a2d45732407d721fa01d294ca92a88777607a1bb00283f6bcdd4231137a388216d0b09dd5a

    • SSDEEP

      49152:E8kmV+RIMtAO1r5EHT7SPy/OsXEKWtElmrAtmguohFR:E8k8+RIMtAO1r5EHT7SPy/XXtlmrAAgd

    Score
    3/10
    behavioral2

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/ZModeler3.exe

    • Size

      2.1MB

    • MD5

      ba9c3b1175816bccc94569cecafcc56a

    • SHA1

      76d2efe2e2e2707b1d6c6b07df46378c7fdc87f7

    • SHA256

      6d077be498b6fe479f1e436dc9fe6ab340953fd73b8f48542a450778289f7cf9

    • SHA512

      5096213f5549f6df818a7ec87be2117d2a1dcef5880b7222c3a400a3102196acc61b77a5325838b98322b329fc01069dfdc1664a4fc460dbc506989313062c35

    • SSDEEP

      49152:8RbCzUWavtaGk/aDtDFzfaupR1g6pyItvY2v3Q:8AUWavhDjXpLtQ2v3

    Score
    7/10

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/mfc100.dll

    • Size

      4.1MB

    • MD5

      07bccdcc337d393d7db0b2f8fe200b3f

    • SHA1

      5a02b227cb0a22a8e7884cd138c3e8568d083d94

    • SHA256

      bf38dda13b938b49a4df72b6477342373ee6e151be12c25cb0c17662fcb4bcd4

    • SHA512

      e5637727a549cf7b88f13474097a71200f0dfa511ecd55c5a42e5f53e9f86ce8b7ce763448830fd073e232876f7537bad96f2ced8d3159558778460264d07639

    • SSDEEP

      98304:BZP0PvxMJfTcXPSo0akd+BPSLC4IEy+XNy136jCfsqLhDIJJGN8mFLOAkGkzdnEe:BZP2iIE80qLrHFLOyomFHKnPAG

    Score
    1/10
    behavioral4

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/msvcp100.dll

    • Size

      411KB

    • MD5

      03e9314004f504a14a61c3d364b62f66

    • SHA1

      0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

    • SHA256

      a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

    • SHA512

      2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

    • SSDEEP

      12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8

    Score
    3/10
    behavioral5

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/msvcr100.dll

    • Size

      752KB

    • MD5

      67ec459e42d3081dd8fd34356f7cafc1

    • SHA1

      1738050616169d5b17b5adac3ff0370b8c642734

    • SHA256

      1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

    • SHA512

      9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33

    • SSDEEP

      12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5

    Score
    3/10
    behavioral6

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/tools/DirectXTex(1).dll

    • Size

      325KB

    • MD5

      f1d86861d176f779df75880f101a7840

    • SHA1

      04c5f71ce644cb62ccbfee55dbb754621ef7eb5c

    • SHA256

      62393e67f491779268b447713014bcd6acf9e8c796fe6694affcb22ebbc2c818

    • SHA512

      1b529fd31eab1111201c0a2b43b81821d65b5b57cd23d5e6315734f7169c4abf341ebe3430897fe49d86791d8721009e9831aa294cf8a6f1bcf8acb46cdeb3c7

    • SSDEEP

      3072:CINSE01eLy8HqGlWWIpsmhz9rgU7E/iPLM2agr8DWhr6c0s:CaSE8eLF0/X7o

    Score
    1/10
    behavioral7

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/tools/DirectXTex.dll

    • Size

      325KB

    • MD5

      f1d86861d176f779df75880f101a7840

    • SHA1

      04c5f71ce644cb62ccbfee55dbb754621ef7eb5c

    • SHA256

      62393e67f491779268b447713014bcd6acf9e8c796fe6694affcb22ebbc2c818

    • SHA512

      1b529fd31eab1111201c0a2b43b81821d65b5b57cd23d5e6315734f7169c4abf341ebe3430897fe49d86791d8721009e9831aa294cf8a6f1bcf8acb46cdeb3c7

    • SSDEEP

      3072:CINSE01eLy8HqGlWWIpsmhz9rgU7E/iPLM2agr8DWhr6c0s:CaSE8eLF0/X7o

    Score
    1/10
    behavioral8

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/tools/RageLib(1).dll

    • Size

      42KB

    • MD5

      4b1d151be5186107c6c413d42e4da77b

    • SHA1

      c695a8cba1fa19cd26f424feedaaef25cc1d900c

    • SHA256

      de238313a8092b1ddeac7ebf30ab355441718db638ac3b36cdf935386251c0ee

    • SHA512

      9fd803fafe0f75bc5a5009af1b4b625ef02cf09baa6ad3e82cdaccbf25f4bf32b8332c4ccc5f35a47df2dc31441a2408a1333e5669334aedc6f4945e2cee4b23

    • SSDEEP

      768:n4ELarGmdjqXfNINkcs8Ve88c8ey7vVSy88y88y88y88y8s8q8A8v8888888888v:wGKjqX1INNFd99YHJkgKx

    Score
    1/10
    behavioral9

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/tools/RageLib.GTA5(1).dll

    • Size

      181KB

    • MD5

      dff58c2870e353cf5b6af79b9ac14497

    • SHA1

      0514cd38c41f3f4d60f9c9d6cf9aa7d3c99cabee

    • SHA256

      8c6444b3fba4f5b0e205d8963101f09d4c11ff5322a200a6749161bc21053eac

    • SHA512

      d7c5b52e8fea6aaf634c4f6791bb6bc5e5145eea879241cd1c6b3a65164ded894f7436520452a4b514ffbc2b4f9696e4e24d591f581d31384d5be61f24330c9e

    • SSDEEP

      3072:Cq0kuKc0ls7Wt+6mELyXwlx0nl+zq90Mce/E8f5/sn0xngTbc4:O1Kt0wl6uu/E8fNn

    Score
    1/10
    behavioral10

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/tools/RageLib.GTA5.dll

    • Size

      181KB

    • MD5

      dff58c2870e353cf5b6af79b9ac14497

    • SHA1

      0514cd38c41f3f4d60f9c9d6cf9aa7d3c99cabee

    • SHA256

      8c6444b3fba4f5b0e205d8963101f09d4c11ff5322a200a6749161bc21053eac

    • SHA512

      d7c5b52e8fea6aaf634c4f6791bb6bc5e5145eea879241cd1c6b3a65164ded894f7436520452a4b514ffbc2b4f9696e4e24d591f581d31384d5be61f24330c9e

    • SSDEEP

      3072:Cq0kuKc0ls7Wt+6mELyXwlx0nl+zq90Mce/E8f5/sn0xngTbc4:O1Kt0wl6uu/E8fNn

    Score
    1/10
    behavioral11

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/tools/RageLib.dll

    • Size

      42KB

    • MD5

      4b1d151be5186107c6c413d42e4da77b

    • SHA1

      c695a8cba1fa19cd26f424feedaaef25cc1d900c

    • SHA256

      de238313a8092b1ddeac7ebf30ab355441718db638ac3b36cdf935386251c0ee

    • SHA512

      9fd803fafe0f75bc5a5009af1b4b625ef02cf09baa6ad3e82cdaccbf25f4bf32b8332c4ccc5f35a47df2dc31441a2408a1333e5669334aedc6f4945e2cee4b23

    • SSDEEP

      768:n4ELarGmdjqXfNINkcs8Ve88c8ey7vVSy88y88y88y88y8s8q8A8v8888888888v:wGKjqX1INNFd99YHJkgKx

    Score
    1/10
    behavioral12

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/tools/TextureTool(1).exe

    • Size

      97KB

    • MD5

      d885f5bcd07f23a3fca8f9ed85a6d1ff

    • SHA1

      559081b393b33e2483af685cd93b4ba119e92031

    • SHA256

      6a93744b89f54db346219595d1d87777768668b3936446736e4306c26eab9e44

    • SHA512

      dca902990ee697a419ddd720b2091dbb251e7cefc4ec82070b7007d2643bfadab786d27a190848872bb2e99d49d6456f1c5b728164243dcf937d104a0ffaf132

    • SSDEEP

      384:kCKre+K2olcwtc1CSZna+6+0aG9DG2pcdbZb26fdxczB/NLBiOnncUPnsyYSFpZg:wCc1CSZn9gaG9G269zsBgl35E9sfbOk

    Score
    1/10
    behavioral13

    • Target

      7FAR - ZModeler 3.1.2 (build 1123)/tools/TextureTool.exe

    • Size

      97KB

    • MD5

      d885f5bcd07f23a3fca8f9ed85a6d1ff

    • SHA1

      559081b393b33e2483af685cd93b4ba119e92031

    • SHA256

      6a93744b89f54db346219595d1d87777768668b3936446736e4306c26eab9e44

    • SHA512

      dca902990ee697a419ddd720b2091dbb251e7cefc4ec82070b7007d2643bfadab786d27a190848872bb2e99d49d6456f1c5b728164243dcf937d104a0ffaf132

    • SSDEEP

      384:kCKre+K2olcwtc1CSZna+6+0aG9DG2pcdbZb26fdxczB/NLBiOnncUPnsyYSFpZg:wCc1CSZn9gaG9G269zsBgl35E9sfbOk

    Score
    1/10
    behavioral14

MITRE ATT&CK Matrix

Tasks