d3fackloader | 3967b38f763b2e58b0679bc0178247b855c68d761187c71c2f1760b6882e473a | Triage

Submit
Reports

Overview

overview

Static

static

1

Zoom_v_2.00.4.exe

windows7-x64

Zoom_v_2.00.4.exe

windows10-2004-x64

Sharing

General

Target

Zoom_v_2.00.4.exe
Size

98.4MB
Sample

240528-hl7nxsba89
MD5

c0230d748e61819d9dfad0da03fe6ec8
SHA1

951154980d3ddd4101b8e09b11669cbedc86f979
SHA256

3967b38f763b2e58b0679bc0178247b855c68d761187c71c2f1760b6882e473a
SHA512

8ec3af6f3ebf50b5d8ae23e61f442837313b90531e395d8de59ef2aadb49d8200866a069292d6c3d1221416d7cf226ae8628119b468fb6b47687d0b2d1ab4afa
SSDEEP

3145728:0GeG/0W1Wp44zcEyJaETaCV7EulyhkYMndp:R1X1WpBDxC77jlvdb

Score

10^/10

d3fackloader defense_evasion discovery downloader evasion loader privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

Zoom_v_2.00.4.exe

Resource

win7-20240508-en

d3fackloader discovery downloader loader

windows7-x64

3 signatures

300 seconds

Behavioral task

behavioral2

Sample

Zoom_v_2.00.4.exe

Resource

win10v2004-20240426-en

d3fackloader defense_evasion discovery downloader evasion loader privilege_escalation

windows10-2004-x64

17 signatures

300 seconds

Malware Config

Targets

- Target
  
  Zoom_v_2.00.4.exe
- Size
  
  98.4MB
- MD5
  
  c0230d748e61819d9dfad0da03fe6ec8
- SHA1
  
  951154980d3ddd4101b8e09b11669cbedc86f979
- SHA256
  
  3967b38f763b2e58b0679bc0178247b855c68d761187c71c2f1760b6882e473a
- SHA512
  
  8ec3af6f3ebf50b5d8ae23e61f442837313b90531e395d8de59ef2aadb49d8200866a069292d6c3d1221416d7cf226ae8628119b468fb6b47687d0b2d1ab4afa
- SSDEEP
  
  3145728:0GeG/0W1Wp44zcEyJaETaCV7EulyhkYMndp:R1X1WpBDxC77jlvdb
Score

10^/10

d3fackloader discovery downloader loader defense_evasion evasion privilege_escalation
- D3fackloader
  D3fackloader is a loader and downloader using Inno Setup.
  loader downloader d3fackloader
- D3fackloader family
  d3fackloader
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Access Token Manipulation

Create Process with Token

Defense Evasion

Access Token Manipulation

Create Process with Token

Hide Artifacts

Hidden Files and Directories

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

d3fackloaderdiscoverydownloaderloader

behavioral2

d3fackloaderdefense_evasiondiscoverydownloaderevasionloaderprivilege_escalation

© 2018-2025

Terms | Privacy