Overview
overview: 8
Static
static: 1
ZoneAlarmN...NP.exe
windows7-x64: 8
windows10-1703-x64: 8
windows10-2004-x64: 8
windows11-21h2-x64: 8
android-10-x64
android-11-x64
android-13-x64
android-9-x86
macos-10.15-amd64: 4
debian-12-armhf
debian-12-mipsel
debian-9-armhf
debian-9-mips
debian-9-mipsel
ubuntu-18.04-amd64
ubuntu-20.04-amd64
ubuntu-22.04-amd64
ubuntu-24.04-amd64
General
-
Target
ZoneAlarmNGSetup_ZANG_FW_FR_AR8ZNP.exe
-
Size
1.1MB
-
Sample
240617-xyzams1bkc
-
MD5
6e9187e870238ad2d00866a47264e109
-
SHA1
78e7cf585cbc9d02b6fab6f268d49559e696b17a
-
SHA256
7befc08954b8847b35e82bb40e6aec8f69807c5a5c8861c35463c818f4628377
-
SHA512
8ed3431c8787f7996ee85345eb69508f2a13449955b07917277a1c5584d78c751252e936d9ae1c51975947f7ccea13c0e609a07d7088582dce3dc7237ba12b09
-
SSDEEP
24576:wBp3wovIZkheWypPk5yYC5Sm1tzxK+/oZ3v2MRuUtq:gRwoFhtAPkwT82toZ2MR/q
Static task
static1
Behavioral tasks
Sample (all tasks): ZoneAlarmNGSetup_ZANG_FW_FR_AR8ZNP.exe
Task: Resource
behavioral1: win7-20240220-en
behavioral2: win10-20240404-en
behavioral3: win10v2004-20240508-en
behavioral4: win11-20240611-en
behavioral5: android-x64-20240611.1-en
behavioral6: android-x64-arm64-20240611.1-en
behavioral7: android-33-x64-arm64-20240611.1-en
behavioral8: android-x86-arm-20240611.1-en
behavioral9: macos-20240611-en
behavioral10: debian12-armhf-20240221-en
behavioral11: debian12-mipsel-20240418-en
behavioral12: debian9-armhf-20240611-en
behavioral13: debian9-mipsbe-20240418-en
behavioral14: debian9-mipsel-20240418-en
behavioral15: ubuntu1804-amd64-20240611-en
behavioral16: ubuntu2004-amd64-20240611-en
behavioral17: ubuntu2204-amd64-20240611-en
behavioral18: ubuntu2404-amd64-20240523-en
Malware Config
Targets
Target
ZoneAlarmNGSetup_ZANG_FW_FR_AR8ZNP.exe
-
Score
8/10
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-