General
Target: Zurn.exe
Size: 8.2MB
Sample: 240225-adwyfshg3s
MD5: f267bbd31570f8b7ea14a9e58df5b563
SHA1: d44473876de7e24f1dbe80c524634518c5c08e2c
SHA256: 363d163192d3ace4094633ee8cc03a3165fa3052f6e384a739eec4b220459ee5
SHA512: 9263a4ed15e29b82305b3e55d238cfd62cd2718be682e7a0ad7b24bc602baf54d59f106890ce011abc2ffb38a99a66625b9389f779502a970774ef634454d14e
SSDEEP: 196608:qhsEzRVg3Ljv+bhqNVoB8Ck5c7GpNlpq41J2ySEcbk9qtlDfqW0:B7L+9qz88Ck+7q3p91JmcqfqW0
Behavioral task
behavioral1
Sample: Zurn.exe
Resource: win7-20240220-en
Malware Config

Targets
Target: Zurn.exe
Size: 8.2MB
MD5: f267bbd31570f8b7ea14a9e58df5b563
SHA1: d44473876de7e24f1dbe80c524634518c5c08e2c
SHA256: 363d163192d3ace4094633ee8cc03a3165fa3052f6e384a739eec4b220459ee5
SHA512: 9263a4ed15e29b82305b3e55d238cfd62cd2718be682e7a0ad7b24bc602baf54d59f106890ce011abc2ffb38a99a66625b9389f779502a970774ef634454d14e
SSDEEP: 196608:qhsEzRVg3Ljv+bhqNVoB8Ck5c7GpNlpq41J2ySEcbk9qtlDfqW0:B7L+9qz88Ck+7q3p91JmcqfqW0

- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.