2aa9f15810e2c55dbc8522e386d76d1a8fb3a63a712b33e17bd2139a7b45c76b

Resubmissions

14-05-2024 18:33

240514-w7fzzsac5z 7

19-02-2024 06:44

240219-hhfq2aba64 7

Sharing

Copy URL

Twitter E-mail

General

Target

ZoomInfoContactContributor.exe
Size

259KB
Sample

240514-w7fzzsac5z
MD5

0b5719e9fd40b85d4d95e475e9431cd0
SHA1

132151d26e61d2fda4e4b31eb376a41ea0d56e6d
SHA256

2aa9f15810e2c55dbc8522e386d76d1a8fb3a63a712b33e17bd2139a7b45c76b
SHA512

ed17497df8e53eb9a49ff3d6ed5bf8d84f17a045947a4b474204a8bf06254f8a801be1243599e526123ccc5e88af389f718021409567ac86ed28d988afd3d1cf
SSDEEP

3072:mgXdZt9P6D3XJMzI7Op5KmEOm9Ek1ydrZeDAf1OnV8AHzsFypc95:me34qk7uUmq9EnvAH4F8u5

Score

7^/10

Malware Config

Targets

- Target
  
  ZoomInfoContactContributor.exe
- Size
  
  259KB
- MD5
  
  0b5719e9fd40b85d4d95e475e9431cd0
- SHA1
  
  132151d26e61d2fda4e4b31eb376a41ea0d56e6d
- SHA256
  
  2aa9f15810e2c55dbc8522e386d76d1a8fb3a63a712b33e17bd2139a7b45c76b
- SHA512
  
  ed17497df8e53eb9a49ff3d6ed5bf8d84f17a045947a4b474204a8bf06254f8a801be1243599e526123ccc5e88af389f718021409567ac86ed28d988afd3d1cf
- SSDEEP
  
  3072:mgXdZt9P6D3XJMzI7Op5KmEOm9Ek1ydrZeDAf1OnV8AHzsFypc95:me34qk7uUmq9EnvAH4F8u5
Score

7^/10

discovery persistence pyinstaller
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  31KB
- MD5
  
  83cd62eab980e3d64c131799608c8371
- SHA1
  
  5b57a6842a154997e31fab573c5754b358f5dd1c
- SHA256
  
  a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294
- SHA512
  
  91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9
- SSDEEP
  
  384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/GetVersion.dll
- Size
  
  5KB
- MD5
  
  2e2412281a205ed8d53aafb3ef770a2d
- SHA1
  
  3cae4138e8226866236cf34f8fb00dafb0954d97
- SHA256
  
  db09adb6e17b6a0b31823802431ff5209018ee8c77a193ac8077e42e5f15fb00
- SHA512
  
  6d57249b7e02e1dfed2e297ec35fb375ecf3abc893d68694f4fa5f2e82ec68c129af9cc5ce3dd4025147309c0832a2847b69334138f3d29c5572ff4e1b16f219
- SSDEEP
  
  96:E12kx1WhoMHF7ZmIpNkTif0geoBLERrqm1BdROBh6Hx2WsTDBi46AQuP:Xll7A6NkOMiBEReEBdRwiMTDBi46AQu
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsisunz.dll
- Size
  
  40KB
- MD5
  
  5f13dbc378792f23e598079fc1e4422b
- SHA1
  
  5813c05802f15930aa860b8363af2b58426c8adf
- SHA256
  
  6e87ecb7f62039fbb6e7676422d1a5e75a32b90dde6865dcb68ee658ba8df61d
- SHA512
  
  9270635a5294482f49e0292e26d45dd103b85fe27dc163d44531b095c5f9dbde6b904adaf1a888ba3c112a094380394713c796f5195b2566a20f00b42b6578e5
- SSDEEP
  
  384:KExN66Yf2xL5Q4IsjuUjUZfqRDpImexpf88FwHxXvjX3hwlHt6oIfESxSHoOO8n9:O2x64GcVpI3xC8ynToIf1SIOhW4
Score

3^/10
behavioral13 behavioral14
- Target
  
  $TEMP/uninstall_fc.exe
- Size
  
  59KB
- MD5
  
  9b5a8a1e1a13cb6f5d344cf5f92866f9
- SHA1
  
  db6e74fa5b1abbd8a412e21b437d03d173617bf9
- SHA256
  
  9c3e4cbf323170eaf1d82a59496557f8013b65d0853bb05b7c054f0d5d856889
- SHA512
  
  2dfc4dae9f743831e2e67861e5cd5a118a967fdba9b0c2655e9e71614fa76762b3fcc175feb98c7801d3f753cfe1156168f9125c905b14c28caa0babb4566aaa
- SSDEEP
  
  1536:spgpHzb9dZVX9fHMvG0D3XJzQEyS+EhuL0:6gXdZt9P6D3XJkiU0
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16