General

  • Target

    Zurn.exe

  • Size

    8.2MB

  • Sample

    240225-adwyfshg3s

  • MD5

    f267bbd31570f8b7ea14a9e58df5b563

  • SHA1

    d44473876de7e24f1dbe80c524634518c5c08e2c

  • SHA256

    363d163192d3ace4094633ee8cc03a3165fa3052f6e384a739eec4b220459ee5

  • SHA512

    9263a4ed15e29b82305b3e55d238cfd62cd2718be682e7a0ad7b24bc602baf54d59f106890ce011abc2ffb38a99a66625b9389f779502a970774ef634454d14e

  • SSDEEP

    196608:qhsEzRVg3Ljv+bhqNVoB8Ck5c7GpNlpq41J2ySEcbk9qtlDfqW0:B7L+9qz88Ck+7q3p91JmcqfqW0

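The hash set above is what an analyst uses to confirm that a file pulled from an endpoint or a mail gateway is this exact sample. The following script is an added example, not part of the report or of any sandbox tooling: it streams a file through MD5, SHA-1, SHA-256 and SHA-512 in one pass and compares the results with the indicators listed above. A partial match (some algorithms agree, others do not) is flagged separately, because that only happens when the indicator list itself was transcribed inconsistently, and it should be resolved before the hashes are pushed to a blocklist. SSDEEP is deliberately left out: it is a fuzzy hash that the standard library cannot compute and that must be compared by similarity score with the ssdeep tool or its Python binding, not by string equality.

```python
import hashlib
from typing import Iterable

# Hashes of the Zurn.exe sample, copied from the report above.
ZURN_IOCS = {
    "md5": "f267bbd31570f8b7ea14a9e58df5b563",
    "sha1": "d44473876de7e24f1dbe80c524634518c5c08e2c",
    "sha256": "363d163192d3ace4094633ee8cc03a3165fa3052f6e384a739eec4b220459ee5",
    "sha512": (
        "9263a4ed15e29b82305b3e55d238cfd62cd2718be682e7a0ad7b24bc602baf54"
        "d59f106890ce011abc2ffb38a99a66625b9389f779502a970774ef634454d14e"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests_of_chunks(chunks: Iterable[bytes]) -> dict[str, str]:
    """Feed every chunk to all four hashers so the data is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests(data: bytes) -> dict[str, str]:
    """Convenience wrapper for in-memory data (used by the checks below)."""
    return digests_of_chunks([data])


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Stream the file in 1 MiB blocks; an 8.2 MB sample need not be held in memory."""
    def chunks():
        with open(path, "rb") as fh:
            while block := fh.read(chunk_size):
                yield block
    return digests_of_chunks(chunks())


def match_iocs(found: dict[str, str], iocs: dict[str, str]) -> list[str]:
    """Names of the algorithms whose computed digest equals the reported one."""
    return [
        name for name, value in iocs.items()
        if name in found and found[name].lower() == value.lower()
    ]


def classify(found: dict[str, str], iocs: dict[str, str]) -> str:
    """'match' only when every algorithm both sides know about agrees."""
    hits = match_iocs(found, iocs)
    shared = [name for name in iocs if name in found]
    if not hits:
        return "no match"
    if len(hits) == len(shared):
        return "match"
    # Some digests agree and some do not: the indicator list, not the
    # file, is inconsistent (typically a copy-and-paste error).
    return "partial match: IOC list is inconsistent, check transcription"


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        found = digests_of_file(arg)
        print(arg, classify(found, ZURN_IOCS), found["sha256"])
```

Run it as `python check_iocs.py suspicious.exe`; the file name is an assumption for illustration. Matching on SHA-256 alone is enough to identify the sample; the weaker MD5 and SHA-1 are kept only because many blocklists and older tooling still key on them.
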
Malware Config

Targets

    • Target

      Zurn.exe

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified UPX build.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

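The "UPX packed file" signature above is the one an analyst can reproduce without a sandbox, and it is also the one most easily defeated: a modified UPX build only has to rename its sections. The following script is an added example, not code from the report or from the sandbox vendor. It parses the PE section table by hand (DOS header, PE signature, COFF header, IMAGE_SECTION_HEADER entries), then reports three independent indicators: the stock UPX0/UPX1 section names, the "UPX!" marker that the packer writes into the file, and the per-section Shannon entropy, which stays high for a compressed payload even after the names have been changed. The two PE images it checks are constructed inline by a small builder so the example runs offline; the 7.0 entropy threshold is an assumption chosen for illustration.

```python
from __future__ import annotations

import math
import struct
from dataclasses import dataclass

SECTION_FMT = "<8sIIIIIIHHI"          # IMAGE_SECTION_HEADER (40 bytes)
SECTION_LEN = struct.calcsize(SECTION_FMT)
HIGH_ENTROPY = 7.0                     # assumed threshold, bits per byte (max is 8)


@dataclass
class Section:
    name: str
    raw_size: int
    raw_offset: int
    entropy: float


def shannon_entropy(blob: bytes) -> float:
    """Bits of entropy per byte; compressed or encrypted data sits close to 8."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list[Section]:
    """Walk the PE headers to the section table and describe each section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    if table + nsec * SECTION_LEN > len(data):
        raise ValueError("section table runs past end of file")
    sections = []
    for i in range(nsec):
        name, _vsize, _va, raw_size, raw_off, *_ = struct.unpack_from(
            SECTION_FMT, data, table + i * SECTION_LEN)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        body = data[raw_off:raw_off + raw_size] if raw_size else b""
        sections.append(Section(name, raw_size, raw_off, shannon_entropy(body)))
    return sections


def packed_indicators(data: bytes) -> dict:
    """Three signals; a renamed-section UPX variant still trips the last two."""
    sections = pe_sections(data)
    return {
        "upx_section_names": [s.name for s in sections
                              if s.name.lstrip(".").upper().startswith("UPX")],
        "upx_magic": b"UPX!" in data,
        "high_entropy_sections": [s.name for s in sections
                                  if s.raw_size and s.entropy > HIGH_ENTROPY],
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = packed_indicators(data)
    return bool(ind["upx_section_names"]) or ind["upx_magic"]


def build_pe(sections: list[tuple[str, bytes]]) -> bytes:
    """Constructed minimal PE image (headers + section table + raw data) for testing."""
    n, opt_size, pe_off = len(sections), 0xE0, 0x40
    raw_off = pe_off + 4 + 20 + opt_size + n * SECTION_LEN
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x0102)
    table, bodies = b"", b""
    for name, body in sections:
        table += struct.pack(SECTION_FMT, name.encode().ljust(8, b"\0"),
                             len(body), 0x1000, len(body), raw_off if body else 0,
                             0, 0, 0, 0, 0x60000020)
        bodies += body
        raw_off += len(body)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table + bodies


# Constructed samples: a UPX-style layout (empty UPX0, dense UPX1, zeroed .rsrc)
# and a plain image with low-entropy .text/.data.
PACKED = build_pe([("UPX0", b""),
                   ("UPX1", bytes(range(256)) * 8 + b"UPX!"),
                   (".rsrc", b"\0" * 512)])
CLEAN = build_pe([(".text", b"\x90" * 256 + b"\xc3"),
                  (".data", b"hello" * 50)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("clean", CLEAN)):
        print(label, looks_upx_packed(image), packed_indicators(image))
```

A high-entropy section with no UPX name and no magic is not proof of UPX, only of compression or encryption; treat it as a reason to unpack and look further, which is the same weight the sandbox gives the signature in its 7/10 score.

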
MITRE ATT&CK Enterprise v15

Tasks