General

  • Target

    ZLogger4.7.exe

  • Size

    79.0MB

  • Sample

    231125-r5h94sbf3z

  • MD5

    d0146ba4a2389891791ef2f1c0ac7a1c

  • SHA1

    d101f0319da6dae09d406a7b0227b5e95725e16c

  • SHA256

    9236a756a4f1d70338c934f0a0f0be119d6cc7319ee73a44a416cd2f17064987

  • SHA512

    130a48c2edc56c56d77d8197a34a6af4b6764f69ab590599c697da1387deb3fda092571d55c85a3e76d3dd5c23ed64c53676d57b395ea5ee64576b93a0ea6400

  • SSDEEP

    1572864:02MmiJR5QYHJiXGSk8IpG7V+VPhqoHZE7xHp5tWWfsnghowmaOllIWgawuBeWBg6:0ZmCxp0GSkB05awoHYJjlmghfxOllIR5

Malware Config

Targets

    • Target

      ZLogger4.7.exe

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes so the file is hidden in Explorer and similar file browsers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks