65d6c72d86b04045cd25b3e7f5618ba57f1f7b9ab582167dc3d8d64f27c7157b

Sharing

Copy URL

Twitter E-mail

General

Target

zar-app-setup-1.25.12.exe
Size

182.2MB
Sample

240425-pkdg1saf3z
MD5

4fd9be2908cbc363bd4addb5d75b8397
SHA1

995512388cd56baf9053b305f76b811f93ff477a
SHA256

65d6c72d86b04045cd25b3e7f5618ba57f1f7b9ab582167dc3d8d64f27c7157b
SHA512

1ac7bfb625ba7799971c9bbfd77eb6f50ceb53d6bbc26859d11109c88a8063cdf88a9443bb818a9a245fd560ae3637535a174bab6140f16d9ab22f2d5b2f6c98
SSDEEP

3145728:xSO9b0efCQJ4K3XHsZW8fcrxYTlHC7O9bs2TXA2rN1At/5RM548uVE2TXA2rQInb:R95fCtZQxZK9jrP1Ax3M59Inrugx

Score

5^/10

antivm linux

Malware Config

Targets

- Target
  
  zar-app-setup-1.25.12.exe
- Size
  
  182.2MB
- MD5
  
  4fd9be2908cbc363bd4addb5d75b8397
- SHA1
  
  995512388cd56baf9053b305f76b811f93ff477a
- SHA256
  
  65d6c72d86b04045cd25b3e7f5618ba57f1f7b9ab582167dc3d8d64f27c7157b
- SHA512
  
  1ac7bfb625ba7799971c9bbfd77eb6f50ceb53d6bbc26859d11109c88a8063cdf88a9443bb818a9a245fd560ae3637535a174bab6140f16d9ab22f2d5b2f6c98
- SSDEEP
  
  3145728:xSO9b0efCQJ4K3XHsZW8fcrxYTlHC7O9bs2TXA2rN1At/5RM548uVE2TXA2rQInb:R95fCtZQxZK9jrP1Ax3M59Inrugx
Score

4^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral10 behavioral9
- Target
  
  owutility.dll
- Size
  
  1.4MB
- MD5
  
  27e245824c1cd5f0b68e65f974651e3d
- SHA1
  
  0f8ab8787521090f54f0719c77bf27b2d1f5d537
- SHA256
  
  83615357c5b81bc2047cefa22b3fe88260467a69a190fd7cd36649411a4529f1
- SHA512
  
  c27a28db1f5b667c390e5a54204d8a78fa1fd76388f5614523054e037770045dda7f7546e230e59d9eb931fc69a91289bb41419571ee60bf8a28baa23b6f6f4a
- SSDEEP
  
  24576:s9mW+IacegtK/KzWfuBRidv/Eg//aErsVRgf3KvmZJ6NpobhmhGycID8SJKK:s9mRFIK/KzyuBRidUg/SErsXgfavmu//
Score

1^/10
behavioral11 behavioral12
- Target
  
  resources/app.asar.unpacked/node_modules/@overwolf/ow-electron/cli.js
- Size
  
  612B
- MD5
  
  22fb63f521e42c1d1b3e903ce64d903c
- SHA1
  
  9244c3f14ea89f870430509c391219f026659d1d
- SHA256
  
  df64523f189418625d643cae7f6998810560136f2eb862cb128c2b5a004f2e81
- SHA512
  
  def19738e2186f965020355ab3bfe77638cfc4098cb6f399aca024c06f2e91ec8352175412313781c814d02a124e2a0f6580be32bce00026da79d8f14b7320f3
Score

4^/10

antivm
behavioral13 behavioral14 behavioral15 behavioral16
- Target
  
  resources/app.asar.unpacked/node_modules/@overwolf/ow-electron/dist/LICENSES.chromium.html
- Size
  
  5.1MB
- MD5
  
  f0882b4f2a11c1f0c524388c3307aad7
- SHA1
  
  c8952b4076167de1374d0c1f62b1fde8fe69f4ae
- SHA256
  
  1b8b8e268755376e95aaddd0a6881f6f4a4b96787af1b2db158e51958410da5f
- SHA512
  
  1e5cd07637e213d3f77f8a6204b5bb9a6e16c343790dda4ed677b081e8600de912165bb3436dacf56ea2e5145e888f5964deda4ee4b7dd3516ae2cab42e2fa0f
- SSDEEP
  
  12288:FetnJnVncnJnkncnpWQtnwn7n9nJnCnZnGn3eQSnqnBnununFn/nwnJnqnvnOnqP:nPDt5WXWSNkbfwVR8mfjF4HyCohp1
Score

1^/10
behavioral17 behavioral18
- Target
  
  resources/app.asar.unpacked/node_modules/@overwolf/ow-electron/dist/d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  6833e5d2843251161e0d3fce3f571cff
- SHA1
  
  bfb08148fdea30c389d25ef1193b697a66594c4b
- SHA256
  
  5fdedf3c8e37f7268dc8a3574a10294d904616fbcc9b8d69d4edd57d2c6c5083
- SHA512
  
  991c5302731ad885e81f3b3522dbc4172652814ec20a918f52d436240bc72afaf5d0c48dce670167e70b57f7aa2fc82a0cad619d089f3a000deaa2526fa547f9
- SSDEEP
  
  49152:kuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8ccH:cy904wYbZCoOI85oyIw
Score

1^/10
behavioral19
- Target
  
  resources/app.asar.unpacked/node_modules/@overwolf/ow-electron/dist/electron.exe
- Size
  
  142.2MB
- MD5
  
  40b4e5764acd927c02a006c375bc7f41
- SHA1
  
  0c83cb6dab4782fb2d210d56da028429725e4527
- SHA256
  
  977f03901d520ee7f2412ec7e86f1a5ceb05aa9c4d1017eaa4d8f75c7763ac49
- SHA512
  
  17736fc143c6ddb82060f69314d5cf36663be37611d5ad48f24c9cdbfb8eef3fa8ee5ce99fa98152a3e94c38f5e358e0539de27b0679ce193a7c49bdc447c3c7
- SSDEEP
  
  1572864:iIkBFDwRUI7ngGGlkWGJOblScJeZrLTVQI3n+F:0u8GGiAYB3e
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral20 behavioral21
- Target
  
  resources/app.asar.unpacked/node_modules/@overwolf/ow-electron/dist/ffmpeg.dll
- Size
  
  2.7MB
- MD5
  
  b3ed01bdd671ba843cc734ae32f53f0b
- SHA1
  
  f4e5c6e9f69bca7cd522b615509f8a5898e02e00
- SHA256
  
  03d9d323c4e38b6f332a4a01f75b63cb19f6bbab04d2830020a4b0d2da0239e7
- SHA512
  
  726034c8fb3d31c69b1a93e8c0e374c7ea465e4301f53b3596bece7785a9063320d7dea9f178150e72c20ec8a6bbbb61c45cd58a981f74549c7f599a5d3df912
- SSDEEP
  
  49152:5qLAtO2mAixsA2vE/nOootJhW8L32xfnok0TvMzEKJ7UWyTIQVRU5GkJtdj02b3h:xtnqOoowS32xf90m71yTIQVRU5GkJOlC
Score

1^/10
behavioral22 behavioral23
- Target
  
  resources/app.asar.unpacked/node_modules/@overwolf/ow-electron/dist/libEGL.dll
- Size
  
  482KB
- MD5
  
  d221bfb2b1efbf4c14bf85c090c82e85
- SHA1
  
  2b368ca65eb5c4b46b27826356734cb55f4b6db7
- SHA256
  
  0472b4b3cff975b03b82af7def02096afe4cffdf5692fd5d7913c08c3d8d2dfc
- SHA512
  
  8d17dc171e1b38f1aa00047ec311a66b7d07f5eeff556b674bfb7dde18bb7298c7152dc45ea64192cd3269925f7aec2ff9d2e70a22264ffcd09ac01debe5cdd3
- SSDEEP
  
  12288:eKEcTs/jvtGCIb/BI/CLPzxk7wmfj00wL:NEjIb/Jxk7zfA0wL
Score

1^/10
behavioral24 behavioral25
- Target
  
  resources/app.asar.unpacked/node_modules/@overwolf/ow-electron/dist/libGLESv2.dll
- Size
  
  6.9MB
- MD5
  
  1da23406a5611a0ea637148f83ccf8fa
- SHA1
  
  47998f8446a3b8f55d4320a3549e3f48035c6c13
- SHA256
  
  31697df986ed1469cc614e80f334c7f95df2987dc1426a88134f03679e11c82b
- SHA512
  
  1afd294b3fd8f562558011f95678b65e81d5dcb00a6ce877afaf594c0ae604ccb16732c868ca76abfbeac1943e7cc5e6d3ae9f55a0abc658d695d5c2cbe35488
- SSDEEP
  
  49152:+VjYuYQiOJYXEPdX++aEVQwXW0LXoJihD9BV1W6X+AIt8k9C3NRKRzDGYCvktcKQ:od++tVQeWQhUkkKIGLJWrobm+
Score

1^/10
behavioral26 behavioral27
- Target
  
  resources/app.asar.unpacked/node_modules/@overwolf/ow-electron/dist/resources/default_app.asar
- Size
  
  106KB
- MD5
  
  262c92a7e943b858efa8e14fbebc0b14
- SHA1
  
  a303c01cab588a07f729a725a13ef94c9cfcb47b
- SHA256
  
  ebe2429a1d5f262010b158852215bfa2a152d602193d93fac846877fa2b101ca
- SHA512
  
  24e281e3ca539cb75fa27cba90fbbc912171272b09bd3079fd1a912552978adbe9c5a3f0f8ed559ef60773a51dc62d9bee513af769c36c8f61df9379c8f0f172
- SSDEEP
  
  3072:aXvTvFRWrjXxs8xbKNkCeF1SBRbFdPQrZsHen37:af5R4XxRYmS7orZsHenL
Score

1^/10
behavioral28 behavioral29
- Target
  
  resources/app.asar.unpacked/node_modules/@overwolf/ow-electron/dist/vk_swiftshader.dll
- Size
  
  4.6MB
- MD5
  
  23d47d8a8def17c7c932f1bfcdfe065f
- SHA1
  
  dbb62cd317d50b92caba947877234214fc2a04c6
- SHA256
  
  b37c60788008f1d2b0c1cac17850a1bfdd2ea252376f2f20f2b0fcf935bca87b
- SHA512
  
  9caa1130fa463ac43db1af2452564894e1a4d09cd36317c47e34fcbb867c2e23b262c13740c3af42c5c088abe50309be1ce53cb702f7fc7772f42dd6974e1355
- SSDEEP
  
  49152:cO6IzWGejMxLmo/FxJga4kIKvGtY48loR/ciu4skCDC88PF/VoQ28iasG+Stxf+z:b7/pEEkSUwsNY0di
Score

1^/10
behavioral30 behavioral31
- Target
  
  resources/app.asar.unpacked/node_modules/@overwolf/ow-electron/dist/vulkan-1.dll
- Size
  
  876KB
- MD5
  
  cb0f13601b8592059f9fffc5acd6fb10
- SHA1
  
  a3834e36b498148a9eb3b282250ca4760647e70e
- SHA256
  
  fb0600d5930d7c9ee9794c0929428837eb903a5c554f7606642a977e39e4ce2d
- SHA512
  
  f08d9fa4256f0f0b31f710def89af8c22e76a6b91d40d49ac376cb7abc2a851c0cb713fc05c210a2758c573864010d745e7b06938c8ee9784722aa0838113109
- SSDEEP
  
  12288:PPcsZ/i18O9zheQQZ7bjnfjaimmVBmJUAI0/bf1IohbX6G62KB0:PPcL19F0QCn5VBKQmSYfi0
Score

1^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Process Discovery

T1057

Virtualization/Sandbox Evasion

T1497

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32