Resubmissions

02/03/2024, 16:31

240302-t1gltsfc92 8

02/03/2024, 13:10

240302-qeenkadf7z 10

General

  • Target

    PowerISO8-x64.exe

  • Size

    4.9MB

  • Sample

    240302-qeenkadf7z

  • MD5

    d884550a8b075167353db3bc9118dd18

  • SHA1

    5975cbc800d452546a0ec7456d19fccc15ed085a

  • SHA256

    be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb

  • SHA512

    0ec1d112ddb81485c87c68d47e46607e66f7ba60860eea6bb647560ae766af4f41fda002c329de7981fc1a15b5ceffc18fc57c86f42f70bbde427db65027f9bf

  • SSDEEP

    98304:Mu69FGH5tiGVX3FFi1m3fNwyZCe35LC7phV3+0pE34HVdL+8:l69sH54G5uINdZCeJwphQoVdK8

Malware Config

Targets

    • Target

      PowerISO8-x64.exe

    • Size

      4.9MB

    • MD5

      d884550a8b075167353db3bc9118dd18

    • SHA1

      5975cbc800d452546a0ec7456d19fccc15ed085a

    • SHA256

      be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb

    • SHA512

      0ec1d112ddb81485c87c68d47e46607e66f7ba60860eea6bb647560ae766af4f41fda002c329de7981fc1a15b5ceffc18fc57c86f42f70bbde427db65027f9bf

    • SSDEEP

      98304:Mu69FGH5tiGVX3FFi1m3fNwyZCe35LC7phV3+0pE34HVdL+8:l69sH54G5uINdZCeJwphQoVdK8

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Creates new service(s)

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      $0

    • Size

      135KB

    • MD5

      92eae8dec1f992db12aa23d9d55f264a

    • SHA1

      add6697b8c1c71980e391619e81e0bada05e38ee

    • SHA256

      d01a58e0a222e4d301b75ae80150d8cbc17f56b3f6458352d2c7c449be302eee

    • SHA512

      443a12a1a49e388725ee347e650297ba5268d655acd08e623ea988cde07ae08ae861620b600fb223358339eeab926fee1c8377386501310c68a3eb9515649441

    • SSDEEP

      3072:hl1VSgPra4TD5Yt2JVLuPIqEjOZN7mPARacgx:hl3DtYtm+Ij2aZ

    • Score

      1/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      8cf2ac271d7679b1d68eefc1ae0c5618

    • SHA1

      7cc1caaa747ee16dc894a600a4256f64fa65a9b8

    • SHA256

      6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

    • SHA512

      ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

    • SSDEEP

      192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL

    • Score

      3/10

    • Target

      $PLUGINSDIR/modern-header.bmp

    • Size

      68KB

    • MD5

      ca2542b0e66e48d7e3f361c8eef8f720

    • SHA1

      368093fbcbf5dfe2cd58e77f2d6eee7ea5b808cb

    • SHA256

      4566dfcc153cba168a02eebc5ddd9d82832cf463ebb8ecb4ec2f269f9f85aeca

    • SHA512

      72296dd3d0a741caf051a326cd703b59132136bccbe43c000cf4e57e3d7955aa812501a59f4f62530b2a2b8a73bebf55d32aa428a869c4c840fc16bca1788a33

    • SSDEEP

      384:tZfV37EjIopEmmR2vqTf73cynNOBD97H5x1QJOa5/LIsW4Jl7tJegwf0NY:rejIodmMiTDzNOBV/o5/jJl7DTNY

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      ec9640b70e07141febbe2cd4cc42510f

    • SHA1

      64a5e4b90e5fe62aa40e7ac9e16342ed066f0306

    • SHA256

      c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188

    • SHA512

      47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe

    • SSDEEP

      192:oRsHeylO012En8pqHtcE0PuAgkOyPIFc:sATI0d8pUP0WAgkBPIFc

    • Score

      3/10

    • Target

      $R0

    • Size

      69KB

    • MD5

      9d199564b65a91a531b23844649459e9

    • SHA1

      8d84359ced1c51d14e70cb5ed36a6083c8b914cf

    • SHA256

      8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42

    • SHA512

      ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1

    • SSDEEP

      768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW

    • Score

      1/10

    • Target

      $TEMP/$0

    • Size

      29KB

    • MD5

      c3b224d15a9036805575b2ff0bcefeda

    • SHA1

      74779ae82a97e97d770435d097821810f16c97c5

    • SHA256

      23d8aeff49ffbac9f9490e9739e059cd7064516dbcd693fe2de77830b127ff8a

    • SHA512

      5a5d98cc9a4aca076049340a4645879a8e4a1d2e24a672015627446d7e3729acf0b64bc8a0f702b8da735d22607fe13ba3ef6a497a57891804576899b06bb461

    • SSDEEP

      384:XE+iXOWKqv0WEXSvQiJb7Mejv14ESgQaMOaA9qqKYu8iFz/pvow3PrCDaU2:XxspKA0ZiVfWEVUfYuhFzVowOD

    • Score

      1/10

    • Target

      Lang/Finnish.lng

    • Size

      64KB

    • MD5

      2f9aa74f68d74f574c29bf7c0b964358

    • SHA1

      5d3c6026ec57837f373b8f5f2cc05043721db73b

    • SHA256

      a28569aaa735d3fcf9934460b283e47a8c510ea80439c57ded797d7d767c9a47

    • SHA512

      7bc0f83ac43b8cb4294ad4bf169c583f6b5948b92ac30a2626736bec204811a4562d3274819a7828ac787e22644e9f2ed2463fe3903ceccd98aa73c11811cb8a

    • SSDEEP

      1536:OYMktSVGbvcj8m7Kp1e7it8oMlrzfSIsYJQ4WbgZyh:OYMktSVGbvcj8mOp1e7roMlrzfSIsYJu

    • Score

      3/10

    • Target

      Lang/Turkish.lng

    • Size

      105KB

    • MD5

      7e33e7c592d94d166623ee775d89f82a

    • SHA1

      5461026703760b2888c269691a0f1252862185a4

    • SHA256

      9342917a8192c104218c571d647205126c25ae6c22c3e39c8e70a1208c0cb4f0

    • SHA512

      af5d49e9b893fdc5ee1db756298001d042b33bb17dd88e16e75fe7a6299b2c24443648ccf53b4597445e9561f54733daade671eff0334bfad610d6eb232ab660

    • SSDEEP

      3072:scpVDh/XmDNtyZe6BI5jYrbf4ceQZVxmMDhFSltRdVDOG5iNK7e2o0d5Z00tgQne:tlDerVD4Uhj0

    • Score

      3/10

    • Target

      Lang/french.lng

    • Size

      120KB

    • MD5

      c9cbe1f3a432ef6ec3a43d708862f9c6

    • SHA1

      2445716626359ed6c7fcb00595daece9f85702d8

    • SHA256

      f91a051d80c19ea8194985a2f9ca6d4c4e191a7492f9b1ebef13f423ed519f6f

    • SHA512

      c29f761f96b6db9e92002a0b0d02f60d60266b3fd3fa6891a82f79ce14e90a687ce78806f3a4e3298a0b4b9e7cf0b8430265d7fdd1070ad8e899c7ef1298f03e

    • SSDEEP

      768:oWokAtFJs4C86SZhYfOOlYMRStt+6IftgjHej633n5l0oM++WBHCGUsBod1absRM:oiAIKKMt+6IimGt8Bz4G+6wJtF7

    • Score

      3/10

    • Target

      devcon.exe

    • Size

      69KB

    • MD5

      9d199564b65a91a531b23844649459e9

    • SHA1

      8d84359ced1c51d14e70cb5ed36a6083c8b914cf

    • SHA256

      8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42

    • SHA512

      ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1

    • SSDEEP

      768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW

    • Score

      1/10

    • Target

      piso.exe

    • Size

      21KB

    • MD5

      99c1672e8ed7c85474917ebbc6903f3a

    • SHA1

      5b7a4c43a169d2ee4ebc65a716cce846e26e8e1a

    • SHA256

      1f6ee5802f6cc16c5ce12661155201350b7c53587ddbf61c429d05abebb69a2a

    • SHA512

      8bac273ea6a811f8f7afdb2ba36aa5df1797aaa2c1e8a2569b810179fef81583d33bd626f9a3572ff3dd2e9b8be67d412a435cfc5b0fc244069f0922061f1ca6

    • SSDEEP

      384:FXhgKsW4zL6KZjthU53XnCm/Zn6KZjthUBopnCm/2Q:NWK2zGmjtu5nCKAmjtuBsCKD

    • Score

      1/10

    • Target

      setup64.exe

    • Size

      20KB

    • MD5

      fdaf68ac10888345fc0dfedd070dbd07

    • SHA1

      160e72adf208e42511274e7dd786975cfce4d4d2

    • SHA256

      e69945c414a228f6299a30946401bbbb900d0b8a814e2ce8c5c44c12f130eb75

    • SHA512

      943ae7c986ec48d24ebf9c83a3821ecfb36aa7bca0c010c7b53030c0ee30980c848177b5ec33fb2317f71dececa3bee5adf53393fb6f30f8f9b7d475965038a5

    • SSDEEP

      384:yTwBHiBYcYV796KZjthUFYnCm/x86KZjthUDnCm/Gu:CoHiBYcYB0mjtu+CKFmjtubCKv

    • Score

      1/10

MITRE ATT&CK Enterprise v15