General

Target:  ZLogger4.7.exe
Size:    79.0MB
Sample:  231125-r5h94sbf3z
MD5:     d0146ba4a2389891791ef2f1c0ac7a1c
SHA1:    d101f0319da6dae09d406a7b0227b5e95725e16c
SHA256:  9236a756a4f1d70338c934f0a0f0be119d6cc7319ee73a44a416cd2f17064987
SHA512:  130a48c2edc56c56d77d8197a34a6af4b6764f69ab590599c697da1387deb3fda092571d55c85a3e76d3dd5c23ed64c53676d57b395ea5ee64576b93a0ea6400
SSDEEP:  1572864:02MmiJR5QYHJiXGSk8IpG7V+VPhqoHZE7xHp5tWWfsnghowmaOllIWgawuBeWBg6:0ZmCxp0GSkB05awoHYJjlmghfxOllIR5
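Before trusting any conclusion from this report about a file you hold, confirm that the file is in fact the same sample. The script below is an added example, not part of the report or of any sandbox tooling: it computes the four cryptographic hashes listed above in a single streaming pass (the sample is 79 MB, so the file is never read whole) and compares them with the report's values. Only the hash values are taken from the report; the file path is whatever the analyst supplies. The SSDEEP value is deliberately left out, since Python's standard library has no fuzzy hashing and a third-party ssdeep binding would be an extra assumption.

```python
"""Verify a local file against the hashes published in the sandbox report.

Added example; not the report's own tooling. Only REPORT_HASHES comes from
the report, everything else is this script's own logic.
"""
import hashlib
import io
import sys

# Hashes as listed in the report for ZLogger4.7.exe (lowercase hex).
REPORT_HASHES = {
    "md5": "d0146ba4a2389891791ef2f1c0ac7a1c",
    "sha1": "d101f0319da6dae09d406a7b0227b5e95725e16c",
    "sha256": "9236a756a4f1d70338c934f0a0f0be119d6cc7319ee73a44a416cd2f17064987",
    "sha512": "130a48c2edc56c56d77d8197a34a6af4b6764f69ab590599c697da1387deb3fda092571d55c85a3e76d3dd5c23ed64c53676d57b395ea5ee64576b93a0ea6400",
}


def digest_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream with every algorithm in REPORT_HASHES in one pass.

    Reading in 1 MiB chunks keeps memory flat for a 79 MB sample and avoids
    reading the file four times (once per algorithm).
    """
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes):
    """Convenience wrapper for in-memory data (used by the tests)."""
    return digest_stream(io.BytesIO(data))


def compare(observed, expected=REPORT_HASHES):
    """Per-algorithm match result. Comparison is case-insensitive because
    tools such as PowerShell's Get-FileHash print uppercase hex."""
    return {
        name: observed.get(name, "").lower() == expected[name].lower()
        for name in expected
    }


def classify(results):
    """Collapse the per-algorithm results into a verdict.

    'match'    every algorithm agrees: same bytes as the report's sample.
    'mismatch' no algorithm agrees: a different file.
    'partial'  the algorithms disagree, which should never happen for the
               same bytes; it points to a mistyped hash in an IOC feed, or a
               deliberate collision against a weak algorithm (MD5, SHA1).
               Treat 'partial' as untrusted and re-check the strongest hash.
    """
    matched = sum(1 for ok in results.values() if ok)
    if matched == len(results):
        return "match"
    if matched == 0:
        return "mismatch"
    return "partial"


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-file>
    with open(sys.argv[1], "rb") as fh:
        observed = digest_stream(fh)
    results = compare(observed)
    for name, ok in results.items():
        print(f"{name:7s} {'OK ' if ok else 'BAD'} {observed[name]}")
    print("verdict:", classify(results))
```

A 'partial' verdict deserves attention rather than a shrug: the four digests are computed over identical bytes, so they can only disagree with the report if one of the published values is wrong or was chosen to collide with a weak algorithm.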
Behavioral tasks

behavioral1  Sample: ZLogger4.7.exe  Resource: win7-20231020-en
behavioral2  Sample: ZLogger4.7.exe  Resource: win10v2004-20231025-en
Malware Config
Targets

Target:  ZLogger4.7.exe
Size:    79.0MB
Hashes:  MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above (single target, same file)
Score: 9/10

Signatures:
- Enumerates VirtualBox DLL files
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15

Tactic               | Technique                                 | Sub-technique                                 | Count
Persistence          | Boot or Logon Autostart Execution (T1547) | Registry Run Keys / Startup Folder (T1547.001) | 1
Persistence          | Scheduled Task/Job (T1053)                |                                               | 1
Privilege Escalation | Boot or Logon Autostart Execution (T1547) | Registry Run Keys / Startup Folder (T1547.001) | 1
Privilege Escalation | Scheduled Task/Job (T1053)                |                                               | 1
Defense Evasion      | Hide Artifacts (T1564)                    | Hidden Files and Directories (T1564.001)      | 2
Defense Evasion      | Modify Registry (T1112)                   |                                               | 1
Defense Evasion      | Virtualization/Sandbox Evasion (T1497)    |                                               | 1

The Persistence and Privilege Escalation rows are the same detections listed twice: ATT&CK assigns T1547 and T1053 to both tactics. The Count column is the number of detections mapped to each technique.
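The signature list and the ATT&CK table above are two views of the same underlying behaviour: the sandbox records raw events (registry writes, file writes, process starts, image loads), matches them against rules, and each rule that fires contributes a signature name and, where one is defined, an ATT&CK technique under one or more tactics. The script below is an added example that mirrors that pipeline on a constructed event trace; it is not the sandbox's rule engine, and the event format (one dict per event with `op`, `path` and an optional `value`) is a stand-in of this example's own design. The registry and file locations the rules key on are the standard Windows locations for each behaviour (an assumption about what the sandbox's own signatures check), and signature names marked "(assumed)" are rules for techniques the table lists without a visible signature name. The stateful rules for "Executes dropped EXE" and "Loads dropped DLL" show why a flat regex per event is not enough: those signatures only make sense relative to files the sample itself wrote earlier.

```python
"""Replay a constructed sandbox trace through rules that mirror the report's
signatures and its ATT&CK mapping.

Added example, not the sandbox's own engine. Event format, paths, and the
rule set are this example's assumptions; technique names and IDs are the
ones in the report's ATT&CK table.
"""
import re
from collections import defaultdict

# (signature, tactics, technique, op, path regex, value regex or None)
# tactics is empty and technique None where the report lists the signature
# but maps no ATT&CK technique to it.
RULES = [
    ("Adds Run key to start application", ("Persistence", "Privilege Escalation"),
     "T1547.001 Registry Run Keys / Startup Folder",
     "reg_set", r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", None),
    ("Drops startup file", ("Persistence", "Privilege Escalation"),
     "T1547.001 Registry Run Keys / Startup Folder",
     "file_write", r"\\Start Menu\\Programs\\Startup\\", None),
    ("Creates scheduled task (assumed)", ("Persistence", "Privilege Escalation"),
     "T1053 Scheduled Task/Job",
     "process_create", r"\\schtasks\.exe$", r"(?i)/create\b"),
    ("Sets file attributes to hidden (assumed)", ("Defense Evasion",),
     "T1564.001 Hidden Files and Directories",
     "file_set_attr", r".", r"\bHIDDEN\b"),
    ("Modifies registry (assumed, generic)", ("Defense Evasion",),
     "T1112 Modify Registry",
     "reg_set", r"^HK(LM|CU)\\", None),
    ("Enumerates VirtualBox DLL files", ("Defense Evasion",),
     "T1497 Virtualization/Sandbox Evasion",
     "file_query", r"(?i)\\vbox[^\\]*\.dll$", None),
    # Assumed location of the country code: HKCU\Control Panel\International\Geo\Nation
    ("Checks computer location settings", (), None,
     "reg_read", r"\\Control Panel\\International\\Geo\\Nation$", None),
]


def evaluate(events):
    """Return (set of fired signature names, {tactic: {technique: count}}).

    Count is the number of distinct signatures mapped to a technique, which
    is how a per-technique column like the report's is produced.
    """
    fired = set()
    dropped = set()  # paths the sample wrote, for the stateful rules below
    for ev in events:
        op, path, value = ev["op"], ev["path"], ev.get("value", "")
        for sig, _tactics, _tech, rule_op, path_re, value_re in RULES:
            if op != rule_op or not re.search(path_re, path):
                continue
            if value_re and not re.search(value_re, value):
                continue
            fired.add(sig)
        # Stateful rules: a process start or image load is only "dropped"
        # if the same path was written earlier in this trace.
        if op == "file_write":
            dropped.add(path.lower())
        elif op == "process_create" and path.lower() in dropped:
            fired.add("Executes dropped EXE")
        elif op == "image_load" and path.lower() in dropped:
            fired.add("Loads dropped DLL")
    mapping = defaultdict(lambda: defaultdict(int))
    for sig, tactics, tech, *_ in RULES:
        if sig in fired and tech:
            for tactic in tactics:
                mapping[tactic][tech] += 1
    return fired, {t: dict(v) for t, v in mapping.items()}


# Constructed trace (not from the report): one plausible sequence that would
# light up every row of the ATT&CK table plus the stateful signatures.
SAMPLE_EVENTS = [
    {"op": "reg_read", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "file_query", "path": r"C:\Windows\System32\vboxhook.dll"},
    {"op": "file_query", "path": r"C:\Windows\System32\VBoxMRXNP.dll"},
    {"op": "file_write", "path": r"C:\Users\Admin\AppData\Roaming\svchost.exe"},
    {"op": "file_set_attr", "path": r"C:\Users\Admin\AppData\Roaming\svchost.exe",
     "value": "HIDDEN|SYSTEM"},
    {"op": "file_write", "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows"
                                 r"\Start Menu\Programs\Startup\svchost.lnk"},
    {"op": "reg_set", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "value": r"C:\Users\Admin\AppData\Roaming\svchost.exe"},
    {"op": "process_create", "path": r"C:\Users\Admin\AppData\Roaming\svchost.exe"},
    {"op": "file_write", "path": r"C:\Users\Admin\AppData\Roaming\helper.dll"},
    {"op": "image_load", "path": r"C:\Users\Admin\AppData\Roaming\helper.dll"},
    {"op": "process_create", "path": r"C:\Windows\System32\schtasks.exe",
     "value": r"/create /sc onlogon /tn Updater /tr C:\Users\Admin\AppData\Roaming\svchost.exe"},
]

if __name__ == "__main__":
    sigs, table = evaluate(SAMPLE_EVENTS)
    for s in sorted(sigs):
        print("signature:", s)
    for tactic, techs in table.items():
        for tech, n in techs.items():
            print(f"{tactic:20s} {tech:50s} {n}")
```

Note that a single Run-key write fires both T1547.001 and the generic T1112 rule; that overlap is expected and is one reason a report can show Modify Registry alongside a more specific persistence technique for the same event.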