Overview (score 10/10)
Static (score 3/10)

Analysed files (score badge, file, platform):

  Score  File                   Platform
  10     PowerISO8-x64.exe      windows11-21h2-x64
  1      $0.sys                 windows11-21h2-x64
  3      $PLUGINSDI...em.dll    windows11-21h2-x64
  3      $PLUGINSDI...er.bmp    windows11-21h2-x64
  3      $PLUGINSDI...gs.dll    windows11-21h2-x64
  1      $R0.exe                windows11-21h2-x64
  1      $TEMP/$0.dll           windows11-21h2-x64
  3      Lang/Finnish.lng       windows11-21h2-x64
  3      Lang/Turkish.lng       windows11-21h2-x64
  3      Lang/french.lng        windows11-21h2-x64
  1      devcon.exe             windows11-21h2-x64
  1      piso.exe               windows11-21h2-x64
  1      setup64.exe            windows11-21h2-x64
General

  Target:  PowerISO8-x64.exe
  Size:    4.9MB
  Sample:  240302-qeenkadf7z
  MD5:     d884550a8b075167353db3bc9118dd18
  SHA1:    5975cbc800d452546a0ec7456d19fccc15ed085a
  SHA256:  be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb
  SHA512:  0ec1d112ddb81485c87c68d47e46607e66f7ba60860eea6bb647560ae766af4f41fda002c329de7981fc1a15b5ceffc18fc57c86f42f70bbde427db65027f9bf
  SSDEEP:  98304:Mu69FGH5tiGVX3FFi1m3fNwyZCe35LC7phV3+0pE34HVdL+8:l69sH54G5uINdZCeJwphQoVdK8
Tasks

  Task          Sample                          Resource
  static1       (static analysis)               -
  behavioral1   PowerISO8-x64.exe               win11-20240221-en
  behavioral2   $0.sys                          win11-20240221-en
  behavioral3   $PLUGINSDIR/System.dll          win11-20240221-en
  behavioral4   $PLUGINSDIR/modern-header.bmp   win11-20240221-en
  behavioral5   $PLUGINSDIR/nsDialogs.dll       win11-20240221-en
  behavioral6   $R0.exe                         win11-20240221-en
  behavioral7   $TEMP/$0.dll                    win11-20240221-en
  behavioral8   Lang/Finnish.lng                win11-20240221-en
  behavioral9   Lang/Turkish.lng                win11-20240221-en
  behavioral10  Lang/french.lng                 win11-20240221-en
  behavioral11  devcon.exe                      win11-20240221-en
  behavioral12  piso.exe                        win11-20240221-en
  behavioral13  setup64.exe                     win11-20240221-en
Malware Config

  No configuration entries are shown for this analysis.

Targets

Target: PowerISO8-x64.exe
  Size:    4.9MB
  MD5:     d884550a8b075167353db3bc9118dd18
  SHA1:    5975cbc800d452546a0ec7456d19fccc15ed085a
  SHA256:  be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb
  SHA512:  0ec1d112ddb81485c87c68d47e46607e66f7ba60860eea6bb647560ae766af4f41fda002c329de7981fc1a15b5ceffc18fc57c86f42f70bbde427db65027f9bf
  SSDEEP:  98304:Mu69FGH5tiGVX3FFi1m3fNwyZCe35LC7phV3+0pE34HVdL+8:l69sH54G5uINdZCeJwphQoVdK8
  Signatures:
    - Detect ZGRat V1
    - Creates new service(s)
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Registers COM server for autorun
    - Adds Run key to start application
    - Checks for any installed AV software in registry
    - Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
    - Drops file in System32 directory
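The signatures above (Run key, COM-server registration, new service, file drops under the Drivers and System32 directories, Uninstall-key enumeration) are each a pattern over registry and file-system events. The block below is an added example, not the sandbox's own signature code: it re-implements a plausible rendering of those checks over a small set of constructed event records so the logic behind each verdict is visible. Event kinds, registry paths and file names in SAMPLE_EVENTS are made up for the example and do not come from this report.

```python
"""Signature-style triage of sandbox events (added example, not the sandbox's own rules)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    kind: str          # "regset", "regquery" or "filewrite"
    path: str          # registry key (with hive prefix) or full file path
    value: str = ""    # registry value data, unused by the matchers below


# Matchers keyed to the signature names used in the report.  These are an
# approximation of what such signatures look for, not the sandbox's rules.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
COM_SERVER = re.compile(r"\\CLSID\\\{[0-9a-f-]+\}\\(InprocServer32|LocalServer32)$", re.I)
SERVICE_IMAGE = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)
UNINSTALL_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
DRIVERS_DIR = re.compile(r"^C:\\Windows\\System32\\drivers\\", re.I)
SYSTEM32_DIR = re.compile(r"^C:\\Windows\\System32\\", re.I)


def classify(ev: Event) -> list[str]:
    """Return the report signature names an event would trigger."""
    hits: list[str] = []
    if ev.kind == "regset":
        if RUN_KEY.search(ev.path):
            hits.append("Adds Run key to start application")
        if COM_SERVER.search(ev.path):
            hits.append("Registers COM server for autorun")
        if SERVICE_IMAGE.search(ev.path):
            hits.append("Creates new service(s)")
    elif ev.kind == "regquery" and UNINSTALL_KEY.search(ev.path):
        hits.append("Checks installed software on the system")
    elif ev.kind == "filewrite":
        # The Drivers directory lives under System32; report the more specific
        # signature once rather than both.
        if DRIVERS_DIR.search(ev.path):
            hits.append("Drops file in Drivers directory")
        elif SYSTEM32_DIR.search(ev.path):
            hits.append("Drops file in System32 directory")
    return hits


def triage(events: list[Event]) -> dict[str, list[str]]:
    """Map each triggered signature to the event paths that triggered it."""
    report: dict[str, list[str]] = defaultdict(list)
    for ev in events:
        for sig in classify(ev):
            report[sig].append(ev.path)
    return dict(report)


# Constructed events for the example; paths and names are hypothetical.
SAMPLE_EVENTS = [
    Event("filewrite", r"C:\Windows\System32\drivers\example.sys"),
    Event("regset", r"HKLM\SYSTEM\CurrentControlSet\Services\example\ImagePath",
          r"system32\drivers\example.sys"),
    Event("regset", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\example",
          r"C:\Program Files\example\example.exe"),
    Event("regset", r"HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32",
          r"C:\Program Files\example\example.dll"),
    Event("regquery", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\example"),
    # A DLL unpacked into a temp directory hits none of the signatures above.
    Event("filewrite", r"C:\Users\user\AppData\Local\Temp\nsx1234.tmp\System.dll"),
]

if __name__ == "__main__":
    for sig, paths in triage(SAMPLE_EVENTS).items():
        print(sig)
        for p in paths:
            print("   ", p)
```

The matchers are deliberately narrow (a value written directly under Run or RunOnce, an ImagePath under a Services key, a CLSID InprocServer32/LocalServer32 value) so that an installer's ordinary activity in its own temp directory, like the last event, produces no hit; a real rule set would add the Wow6432Node variants and the startup-folder paths the MITRE mapping below also covers.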
Target: $0
  Size:    135KB
  MD5:     92eae8dec1f992db12aa23d9d55f264a
  SHA1:    add6697b8c1c71980e391619e81e0bada05e38ee
  SHA256:  d01a58e0a222e4d301b75ae80150d8cbc17f56b3f6458352d2c7c449be302eee
  SHA512:  443a12a1a49e388725ee347e650297ba5268d655acd08e623ea988cde07ae08ae861620b600fb223358339eeab926fee1c8377386501310c68a3eb9515649441
  SSDEEP:  3072:hl1VSgPra4TD5Yt2JVLuPIqEjOZN7mPARacgx:hl3DtYtm+Ij2aZ
  Score:   1/10

Target: $PLUGINSDIR/System.dll
  Size:    12KB
  MD5:     8cf2ac271d7679b1d68eefc1ae0c5618
  SHA1:    7cc1caaa747ee16dc894a600a4256f64fa65a9b8
  SHA256:  6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
  SHA512:  ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
  SSDEEP:  192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
  Score:   3/10

Target: $PLUGINSDIR/modern-header.bmp
  Size:    68KB
  MD5:     ca2542b0e66e48d7e3f361c8eef8f720
  SHA1:    368093fbcbf5dfe2cd58e77f2d6eee7ea5b808cb
  SHA256:  4566dfcc153cba168a02eebc5ddd9d82832cf463ebb8ecb4ec2f269f9f85aeca
  SHA512:  72296dd3d0a741caf051a326cd703b59132136bccbe43c000cf4e57e3d7955aa812501a59f4f62530b2a2b8a73bebf55d32aa428a869c4c840fc16bca1788a33
  SSDEEP:  384:tZfV37EjIopEmmR2vqTf73cynNOBD97H5x1QJOa5/LIsW4Jl7tJegwf0NY:rejIodmMiTDzNOBV/o5/jJl7DTNY
  Score:   3/10

Target: $PLUGINSDIR/nsDialogs.dll
  Size:    9KB
  MD5:     ec9640b70e07141febbe2cd4cc42510f
  SHA1:    64a5e4b90e5fe62aa40e7ac9e16342ed066f0306
  SHA256:  c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188
  SHA512:  47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe
  SSDEEP:  192:oRsHeylO012En8pqHtcE0PuAgkOyPIFc:sATI0d8pUP0WAgkBPIFc
  Score:   3/10

Target: $R0
  Size:    69KB
  MD5:     9d199564b65a91a531b23844649459e9
  SHA1:    8d84359ced1c51d14e70cb5ed36a6083c8b914cf
  SHA256:  8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42
  SHA512:  ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1
  SSDEEP:  768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW
  Score:   1/10

Target: $TEMP/$0
  Size:    29KB
  MD5:     c3b224d15a9036805575b2ff0bcefeda
  SHA1:    74779ae82a97e97d770435d097821810f16c97c5
  SHA256:  23d8aeff49ffbac9f9490e9739e059cd7064516dbcd693fe2de77830b127ff8a
  SHA512:  5a5d98cc9a4aca076049340a4645879a8e4a1d2e24a672015627446d7e3729acf0b64bc8a0f702b8da735d22607fe13ba3ef6a497a57891804576899b06bb461
  SSDEEP:  384:XE+iXOWKqv0WEXSvQiJb7Mejv14ESgQaMOaA9qqKYu8iFz/pvow3PrCDaU2:XxspKA0ZiVfWEVUfYuhFzVowOD
  Score:   1/10

Target: Lang/Finnish.lng
  Size:    64KB
  MD5:     2f9aa74f68d74f574c29bf7c0b964358
  SHA1:    5d3c6026ec57837f373b8f5f2cc05043721db73b
  SHA256:  a28569aaa735d3fcf9934460b283e47a8c510ea80439c57ded797d7d767c9a47
  SHA512:  7bc0f83ac43b8cb4294ad4bf169c583f6b5948b92ac30a2626736bec204811a4562d3274819a7828ac787e22644e9f2ed2463fe3903ceccd98aa73c11811cb8a
  SSDEEP:  1536:OYMktSVGbvcj8m7Kp1e7it8oMlrzfSIsYJQ4WbgZyh:OYMktSVGbvcj8mOp1e7roMlrzfSIsYJu
  Score:   3/10

Target: Lang/Turkish.lng
  Size:    105KB
  MD5:     7e33e7c592d94d166623ee775d89f82a
  SHA1:    5461026703760b2888c269691a0f1252862185a4
  SHA256:  9342917a8192c104218c571d647205126c25ae6c22c3e39c8e70a1208c0cb4f0
  SHA512:  af5d49e9b893fdc5ee1db756298001d042b33bb17dd88e16e75fe7a6299b2c24443648ccf53b4597445e9561f54733daade671eff0334bfad610d6eb232ab660
  SSDEEP:  3072:scpVDh/XmDNtyZe6BI5jYrbf4ceQZVxmMDhFSltRdVDOG5iNK7e2o0d5Z00tgQne:tlDerVD4Uhj0
  Score:   3/10

Target: Lang/french.lng
  Size:    120KB
  MD5:     c9cbe1f3a432ef6ec3a43d708862f9c6
  SHA1:    2445716626359ed6c7fcb00595daece9f85702d8
  SHA256:  f91a051d80c19ea8194985a2f9ca6d4c4e191a7492f9b1ebef13f423ed519f6f
  SHA512:  c29f761f96b6db9e92002a0b0d02f60d60266b3fd3fa6891a82f79ce14e90a687ce78806f3a4e3298a0b4b9e7cf0b8430265d7fdd1070ad8e899c7ef1298f03e
  SSDEEP:  768:oWokAtFJs4C86SZhYfOOlYMRStt+6IftgjHej633n5l0oM++WBHCGUsBod1absRM:oiAIKKMt+6IimGt8Bz4G+6wJtF7
  Score:   3/10

Target: devcon.exe
  Size:    69KB
  MD5:     9d199564b65a91a531b23844649459e9
  SHA1:    8d84359ced1c51d14e70cb5ed36a6083c8b914cf
  SHA256:  8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42
  SHA512:  ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1
  SSDEEP:  768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW
  Score:   1/10

Target: piso.exe
  Size:    21KB
  MD5:     99c1672e8ed7c85474917ebbc6903f3a
  SHA1:    5b7a4c43a169d2ee4ebc65a716cce846e26e8e1a
  SHA256:  1f6ee5802f6cc16c5ce12661155201350b7c53587ddbf61c429d05abebb69a2a
  SHA512:  8bac273ea6a811f8f7afdb2ba36aa5df1797aaa2c1e8a2569b810179fef81583d33bd626f9a3572ff3dd2e9b8be67d412a435cfc5b0fc244069f0922061f1ca6
  SSDEEP:  384:FXhgKsW4zL6KZjthU53XnCm/Zn6KZjthUBopnCm/2Q:NWK2zGmjtu5nCKAmjtuBsCKD
  Score:   1/10

Target: setup64.exe
  Size:    20KB
  MD5:     fdaf68ac10888345fc0dfedd070dbd07
  SHA1:    160e72adf208e42511274e7dd786975cfce4d4d2
  SHA256:  e69945c414a228f6299a30946401bbbb900d0b8a814e2ce8c5c44c12f130eb75
  SHA512:  943ae7c986ec48d24ebf9c83a3821ecfb36aa7bca0c010c7b53030c0ee30980c848177b5ec33fb2317f71dececa3bee5adf53393fb6f30f8f9b7d475965038a5
  SSDEEP:  384:yTwBHiBYcYV796KZjthUFYnCm/x86KZjthUDnCm/Gu:CoHiBYcYB0mjtu+CKFmjtubCKv
  Score:   1/10
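The target table lists four digests plus an SSDEEP per dropped file, and reading across it shows that $R0 and devcon.exe carry identical MD5, SHA1, SHA256, SHA512 and SSDEEP values, i.e. the same 69KB file extracted under two names. The block below is an added example, not part of the report: it embeds the SHA-256 column from the table, groups byte-identical artifacts, and verifies a file or byte string against the reported digests so a sample pulled from elsewhere can be checked against this page before anyone spends time on it. The REPORTED_SHA256 values are copied from the table above; the byte strings used in the usage are constructed for the example.

```python
"""Digest checks against the report's target table (added example, not report content)."""
from __future__ import annotations

import hashlib
from collections import defaultdict

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# SHA-256 column of the report's target table, keyed by target name.
REPORTED_SHA256 = {
    "PowerISO8-x64.exe": "be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb",
    "$0": "d01a58e0a222e4d301b75ae80150d8cbc17f56b3f6458352d2c7c449be302eee",
    "$PLUGINSDIR/System.dll": "6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba",
    "$PLUGINSDIR/modern-header.bmp": "4566dfcc153cba168a02eebc5ddd9d82832cf463ebb8ecb4ec2f269f9f85aeca",
    "$PLUGINSDIR/nsDialogs.dll": "c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188",
    "$R0": "8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42",
    "$TEMP/$0": "23d8aeff49ffbac9f9490e9739e059cd7064516dbcd693fe2de77830b127ff8a",
    "Lang/Finnish.lng": "a28569aaa735d3fcf9934460b283e47a8c510ea80439c57ded797d7d767c9a47",
    "Lang/Turkish.lng": "9342917a8192c104218c571d647205126c25ae6c22c3e39c8e70a1208c0cb4f0",
    "Lang/french.lng": "f91a051d80c19ea8194985a2f9ca6d4c4e191a7492f9b1ebef13f423ed519f6f",
    "devcon.exe": "8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42",
    "piso.exe": "1f6ee5802f6cc16c5ce12661155201350b7c53587ddbf61c429d05abebb69a2a",
    "setup64.exe": "e69945c414a228f6299a30946401bbbb900d0b8a814e2ce8c5c44c12f130eb75",
}


def identical_groups(table: dict[str, str]) -> dict[str, list[str]]:
    """Group target names that share a SHA-256, i.e. byte-identical artifacts."""
    by_digest: dict[str, list[str]] = defaultdict(list)
    for name, digest in table.items():
        by_digest[digest.lower()].append(name)
    return {d: names for d, names in by_digest.items() if len(names) > 1}


def digests(data: bytes) -> dict[str, str]:
    """Compute every digest the report lists (SSDEEP needs a third-party module and is skipped)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def mismatches(got: dict[str, str], expected: dict[str, str]) -> list[str]:
    """Names of algorithms in `expected` whose value differs from `got`; empty means all match."""
    return [alg for alg, value in expected.items() if got[alg.lower()] != value.lower()]


def verify_bytes(data: bytes, expected: dict[str, str]) -> list[str]:
    """Check an in-memory sample against reported digests (keys: md5/sha1/sha256/sha512)."""
    return mismatches(digests(data), expected)


def verify_file(path: str, expected: dict[str, str], chunk: int = 1 << 20) -> list[str]:
    """Same check for a file on disk, hashing in chunks so large installers do not load into memory."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return mismatches({alg: h.hexdigest() for alg, h in hashers.items()}, expected)


if __name__ == "__main__":
    for digest, names in identical_groups(REPORTED_SHA256).items():
        print("identical:", ", ".join(names), "->", digest)
    # Constructed input, not a file from the report.
    print("mismatches for b'abc':",
          verify_bytes(b"abc", {"sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"}))
```

MD5 and SHA1 are kept only because the report prints them and older feeds still key on them; a match on either alone proves little, since collisions for both are practical, so treat SHA-256 as the value that has to agree and the others as corroboration.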
MITRE ATT&CK Enterprise v15 (signature hit counts in parentheses)

Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)

Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)

Defense Evasion
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)