0e3039b46cb8212e4787ca372d313cfc70a830cacbd54c80444574daeb26c77c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Zenith.msi
Size

4.8MB
Sample

240113-bqhf9shddr
MD5

db46881cd32a09fa8c8c4a39d647f3d0
SHA1

56354ab0953ab57ab6c681d0bb4c1078cbfea4ad
SHA256

0e3039b46cb8212e4787ca372d313cfc70a830cacbd54c80444574daeb26c77c
SHA512

bbe6a41f4e507e2137227fb7ff91c3c3791a1436ea1d6498d81310037536fc4716f58cf3db43d7443eeed6b212cff9140773893eb1d31afe9195530484b7ca38
SSDEEP

98304:IZ6HW4qRS1LAib59iUPhYCFZCJLyDcbt0hpkvmZOQL07rjA:IZ6xkeLJiUPhdZCccbMOX

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Zenith.msi
- Size
  
  4.8MB
- MD5
  
  db46881cd32a09fa8c8c4a39d647f3d0
- SHA1
  
  56354ab0953ab57ab6c681d0bb4c1078cbfea4ad
- SHA256
  
  0e3039b46cb8212e4787ca372d313cfc70a830cacbd54c80444574daeb26c77c
- SHA512
  
  bbe6a41f4e507e2137227fb7ff91c3c3791a1436ea1d6498d81310037536fc4716f58cf3db43d7443eeed6b212cff9140773893eb1d31afe9195530484b7ca38
- SSDEEP
  
  98304:IZ6HW4qRS1LAib59iUPhYCFZCJLyDcbt0hpkvmZOQL07rjA:IZ6xkeLJiUPhdZCccbMOX
Score

8^/10

persistence
- Blocklisted process makes network request
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2