d53a7858a392b314ef7e63d5d8d2f7fa8b6067dc0b9cc926adf219c0c4c0b768 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

ZOD-master/42.zip

windows7-x64

1

ZOD-master/42.zip

windows10-2004-x64

8

Sharing

General

Target

Unconfirmed 225523.crdownload
Size

41KB
Sample

240314-n1m6qabc7t
MD5

ae6438a5a41352e5b7b37918259bea69
SHA1

684f4e642980875422c1e666ee349d9aee5c337f
SHA256

d53a7858a392b314ef7e63d5d8d2f7fa8b6067dc0b9cc926adf219c0c4c0b768
SHA512

28b14be2cadcc3d37afd2a501e553bb5d8df42cb376609c587348a2bfd3eab35e81b76ff2f61b1951a606739834eda607f9dc4334ea60f00bb806edb269c9784
SSDEEP

768:XUMiHEhp2vCIODrhNGkAalt/bp2GiKlIPJV1Aoi+vZPJSFmGiU0Jv1uwiX:XUKP2vCF1Aalt/keIPhDjZPJSFmLa

Score

8^/10

adware discovery persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

ZOD-master/42.zip

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

ZOD-master/42.zip

Resource

win10v2004-20240226-en

adware discovery persistence stealer

windows10-2004-x64

32 signatures

150 seconds

Malware Config

Targets

- Target
  
  ZOD-master/42.zip
- Size
  
  41KB
- MD5
  
  1df9a18b18332f153918030b7b516615
- SHA1
  
  6c42c62696616b72bbfc88a4be4ead57aa7bc503
- SHA256
  
  bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
- SHA512
  
  6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
- SSDEEP
  
  768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK
Score

8^/10

adware discovery persistence stealer
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwarediscoverypersistencestealer

© 2018-2025

Terms | Privacy