General
Target: Zlogger.exe
Size: 76.1MB
Sample: 231130-v61gkafc2w
MD5: 4a0dfb4270c69a37e46acff7b347eaa1
SHA1: 124d336f082b19f3ecbf2deb99201a50ba591f43
SHA256: be8b389d3fb5adc555760886cd8d0045de3b4b1c73168f30a7a257e3510a8c69
SHA512: e1a6cc8537c23f2f9731bdd8d16d4d82aadf0c9730ac0944c061c4d943abafb361759b7b779d402d8e6c1295b9663f6954383f4f90a9574fff575ac04ea42cd3
SSDEEP: 1572864:f2MbiJR5Q3jZD6Sk8IpG7V+VPhq+SE7RjC/WlsnghowmaOllkW1awLBtWBqX:fZbC+MSkB05aw+1uOsghfxOllkIawLXb
Behavioral task: behavioral1
Sample: Zlogger.exe
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: Zlogger.exe
Resource: win10v2004-20231127-en
Malware Config

Targets
Target: Zlogger.exe
Size: 76.1MB
MD5: 4a0dfb4270c69a37e46acff7b347eaa1
SHA1: 124d336f082b19f3ecbf2deb99201a50ba591f43
SHA256: be8b389d3fb5adc555760886cd8d0045de3b4b1c73168f30a7a257e3510a8c69
SHA512: e1a6cc8537c23f2f9731bdd8d16d4d82aadf0c9730ac0944c061c4d943abafb361759b7b779d402d8e6c1295b9663f6954383f4f90a9574fff575ac04ea42cd3
SSDEEP: 1572864:f2MbiJR5Q3jZD6Sk8IpG7V+VPhq+SE7RjC/WlsnghowmaOllkW1awLBtWBqX:fZbC+MSkB05aw+1uOsghfxOllkIawLXb
Score: 9/10

Signatures
- Enumerates VirtualBox DLL files
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (1)
- Virtualization/Sandbox Evasion (1)