Overview

overview

10

Static

static

10

main.exe

windows7-x64

7

main.exe

windows10-2004-x64

7

zitmain.py

windows7-x64

3

zitmain.py

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zit-spammer.zip

  • Size

    17.6MB

  • Sample

    240528-qs383sfd4t

  • MD5

    d450e8540d3d4454dc69b6cdb3bf73e7

  • SHA1

    ebf089a7cbb2e8cb6235798f4a384b921231e269

  • SHA256

    cdc345fa75945b7f258b7567025bb61fb6e952ebaec138e014dd9095b6d9e120

  • SHA512

    a51ba4307e8d0fab5f77c4cf3eb95916003d177304ebddfd9de2ef94d05f0a20e668cfae2e74a85a620f7efb4b45aeaac1675c9024bd53d678c8f8737dcaf8db

  • SSDEEP

    393216:P6W23/DjrPVJNeSYxWizoCDVu3PaOuyZ0VtBhgFikT+O:Pi3rjjjwS9qaaOulfHYGO

Score
10/10
empyreanpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      main.exe

    • Size

      17.8MB

    • MD5

      aa4926dc51737b4ce2215cf9bc366092

    • SHA1

      5ef032d3fc81a9afaefc916e503e54aa09b2525e

    • SHA256

      eec326a602c970184613785546e3560739ec824e48cb3011130209531811b5ba

    • SHA512

      4a8f430d44d80b1f136909c5504b26054386895cab4b91767cc53b8d4990dd9549928913148844dab7c04ad5944181608f0ff6aa53a248602a08668ed6d0af91

    • SSDEEP

      393216:lqPnLFXlrPmQ8DOETgsvfGFughg3AJFPvEePb/yoxq:cPLFXNOQhELQg3AHUC/k

    Score
    7/10
    upxspywarestealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      zitmain.py

    • Size

      279B

    • MD5

      6639a1095dc3e0cec59e7e33b19006de

    • SHA1

      3d7a5fd6469021e400df9dd19da1c7687f7f6c6a

    • SHA256

      4976a8497b8e1e6c17d8a17e56b163554b7da3879bd91d2e7fab18ebe45bc89b

    • SHA512

      67e16f62aae236072c2942edcda0f3a428a2521e6adad67ac7071982d2a53eadb71d5b0fff6638a31fd5b293a94c0153f16b0d160716f64ae108b6947658f087

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks