General

  • Target

    ZeusGameover_Feb2014.zip

  • Size

    811KB

  • Sample

    240629-zncd8szapk

  • MD5

    79f9d8468f9d354dfc1a90be4aa0157f

  • SHA1

    a750ff0a5de048d5cb54757d2e56c9fecd687156

  • SHA256

    626422ae68865a9a124792ed667b723bdbe6cd182d184c137355c33ab1360f0f

  • SHA512

    f5d3bc5fca33607dc577fd1cd5c00ca9db5dd40ee776ba8b0947bbc583efe70353cc882092c291702ae1f13a0bab6f29889de75c17a99fbb2538b178fe08847c

  • SSDEEP

    24576:e5uciG/00ui+/KFM2h17w3GaC9/Sw8NOif4Xl:MPttMGk3oYNOj

Score
7/10
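
The digests above and in the per-target entries below are the report's indicators. The following script, added here and not part of the sandbox report, hashes a file once with all four algorithms and matches the result against that table, accepting a hit on any single algorithm and resolving a lone hash of unknown type. The table values are copied from this page; the bytes hashed in the demo run are a constructed placeholder, and any file path given on the command line is the user's own.

```python
"""Multi-hash IOC matcher for the samples listed in this report.

Added example (not the report's or the sandbox's own code): one streaming
pass computes MD5, SHA-1, SHA-256 and SHA-512, and the digests are matched
case-insensitively against the report's table on any algorithm.
"""
import hashlib
import io
import sys
from typing import BinaryIO, Dict, Optional, Tuple

# Digests copied from the report (MD5 / SHA-1 / SHA-256 per target).
IOCS: Dict[str, Dict[str, str]] = {
    "ZeusGameover_Feb2014.zip": {
        "md5": "79f9d8468f9d354dfc1a90be4aa0157f",
        "sha1": "a750ff0a5de048d5cb54757d2e56c9fecd687156",
        "sha256": "626422ae68865a9a124792ed667b723bdbe6cd182d184c137355c33ab1360f0f",
    },
    "eqig unpacked.ex_": {
        "md5": "7bc463a32d6c0fb888cd76cc07ee69b5",
        "sha1": "81086a9559af3edc889f1c4c720460ebf49f8ef1",
        "sha256": "09e9fb8beb798f2c17a311d59c0a44d9e815d6cad8ea4feadd77a66d4d3706b5",
    },
    "eqig.ex_": {
        "md5": "b227e7c0d9995715f331592750d6ebc2",
        "sha1": "88b874278ff69adbbfa5c118604c39272d39cbe6",
        "sha256": "f5833e6db4a8bdbc5d90049008ccc9f75cc93a6a6c126969332566d87aeba700",
    },
    "output.1301364 unpacked.old": {
        "md5": "19c68862d3a53ea1746180b40bf32226",
        "sha1": "620262f1640db740fd60bd2a04b0b7435cff8b8c",
        "sha256": "2df5bbe0e055e2af7d32e3b71ea80b70f844a917229a6b7f9668eca31c3d813e",
    },
    "output.1301364.old": {
        "md5": "7fe11cfcd7c66f7727cfc4613e755389",
        "sha1": "b1c59dea004e5feb57e9fa845c6f8abbe015e199",
        "sha256": "5ad62af46f8f47d683b87f935df20845075d2bf9098c4420b2463258f94b98b9",
    },
}
ALGOS = ("md5", "sha1", "sha256", "sha512")

# Reverse index: a hash of unknown algorithm (e.g. pasted from a ticket)
# resolves to (target name, algorithm).
DIGEST_INDEX: Dict[str, Tuple[str, str]] = {
    digest.lower(): (name, algo)
    for name, digests in IOCS.items()
    for algo, digest in digests.items()
}

def hash_stream(fh: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read the stream once and feed every chunk to all hashers."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    while True:
        chunk = fh.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}

def hash_bytes(data: bytes) -> Dict[str, str]:
    return hash_stream(io.BytesIO(data))

def match_iocs(digests: Dict[str, str]) -> Optional[str]:
    """Return the matching target name, or None. A hit on one algorithm is
    enough; hits that point at different targets mean a typo or the wrong
    file, so that case raises instead of silently picking one."""
    hits = set()
    for algo, value in digests.items():
        entry = DIGEST_INDEX.get(value.strip().lower())
        if entry and entry[1] == algo:
            hits.add(entry[0])
    if len(hits) > 1:
        raise ValueError(f"digests match more than one target: {sorted(hits)}")
    return hits.pop() if hits else None

def lookup_digest(value: str) -> Optional[Tuple[str, str]]:
    """Resolve a single hash string of any supported algorithm."""
    return DIGEST_INDEX.get(value.strip().lower())

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            digests = hash_stream(fh)
    else:
        # Constructed placeholder input, not one of the samples: reports no match.
        digests = hash_bytes(b"placeholder bytes, not a sample")
    for algo in ALGOS:
        print(f"{algo:7s} {digests[algo]}")
    print("match:", match_iocs(digests))
```

Saved as a script and run with a file path, it prints all four digests and the matching target name; without an argument it hashes the placeholder. Matching on a single algorithm is deliberate, since tickets and feeds often carry only an MD5, while conflicting hits across algorithms are raised as an error because they never occur for a genuine match.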

Malware Config

Targets

    • Target

      eqig unpacked.ex_

    • Size

      255KB

    • MD5

      7bc463a32d6c0fb888cd76cc07ee69b5

    • SHA1

      81086a9559af3edc889f1c4c720460ebf49f8ef1

    • SHA256

      09e9fb8beb798f2c17a311d59c0a44d9e815d6cad8ea4feadd77a66d4d3706b5

    • SHA512

      7657ca1c29025d0e40978d775e891f79c015cd6cb4dd44aa63cf2f6ef036491eff2b56511616d3678fac8f9148106b93cb877637a496c86d8d87c61a277b9102

    • SSDEEP

      6144:8fK9TB2jX+3PUdyj4oVDyLiMRgxnnMACDUprIvxo:8fK9ToaUd0PEi/RnDvwx

    Score
    1/10

    • Target

      eqig.ex_

    • Size

      312KB

    • MD5

      b227e7c0d9995715f331592750d6ebc2

    • SHA1

      88b874278ff69adbbfa5c118604c39272d39cbe6

    • SHA256

      f5833e6db4a8bdbc5d90049008ccc9f75cc93a6a6c126969332566d87aeba700

    • SHA512

      1e2b3df0c83189fe893790a0af33f07e59b47df7822727b60ad050995b786a8a2329081c95f8bd49b7887528b94debef0102ddff63dc23e050756e7bd30952e6

    • SSDEEP

      6144:XyrQuBlo8CCyd1dUhAE74jvaG66xegV+/mJC63WfP+tN1JB5KKI:X8mdjaUq6QgV+OvePG175NI

    Score
    3/10

    • Target

      output.1301364 unpacked.old

    • Size

      243KB

    • MD5

      19c68862d3a53ea1746180b40bf32226

    • SHA1

      620262f1640db740fd60bd2a04b0b7435cff8b8c

    • SHA256

      2df5bbe0e055e2af7d32e3b71ea80b70f844a917229a6b7f9668eca31c3d813e

    • SHA512

      ea6817886420af3dc2a6caa5efaa7ddff0c072eb83027a82a2dfb2f9240c3f9f7cbd8ec06d32fa064dcc45ecb785ba68ebd2ab1fcb40decd5c78511eea3ac423

    • SSDEEP

      6144:n6WTBJzrllfU9Oz3o/Sz7ytG1Xpj0JOFPU5al:n6WTrzrlpqRk7f4Qu5

    Score
    1/10

    • Target

      output.1301364.old

    • Size

      278KB

    • MD5

      7fe11cfcd7c66f7727cfc4613e755389

    • SHA1

      b1c59dea004e5feb57e9fa845c6f8abbe015e199

    • SHA256

      5ad62af46f8f47d683b87f935df20845075d2bf9098c4420b2463258f94b98b9

    • SHA512

      4eb6832681eff9bd6a127053d362cae28a7d1035f3bc162192889eded6d3e018194b6116fd370b1ff08cf659b22f74bc807c9bd819957e8e996cb190ae5b142e

    • SSDEEP

      6144:Z1Yk7RnxF3BEuTP0PvdA8r1eqABpxEJPlLsiJEwpCzvkSm4krOsGDB:fYex0uT8Hq6eqABvuPl5K5RkvE

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
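
The bullets above are the sandbox's behaviour signatures for this target. As an added illustration (not code from the report or from the sandbox), the script below implements three of them as rules over a constructed Sysmon-style trace: a Run-key write, execution of a file created earlier in the same trace, and a cmd.exe del of the parent's own image. The event fields and every path and key are hypothetical. "Suspicious use of SetThreadContext" is an API-level indicator (the call used to redirect a suspended thread, as in process hollowing) that Sysmon has no event for, so it is not modelled here.

```python
"""Detection rules for three of the sandbox signatures above, run over a
constructed Sysmon-style event trace.

Added example; not the report's or any sandbox's own code. Events are
simplified dicts carrying the fields of Sysmon IDs 1 (ProcessCreate),
11 (FileCreate) and 13 (RegistryEvent, value set). All paths are hypothetical.
"""
import re
from typing import Any, Dict, List, Tuple

Event = Dict[str, Any]

# Constructed trace (hypothetical paths): the original drops a copy into
# %AppData%, runs it, the copy adds itself to the Run key, and the original
# removes itself through cmd.exe /c del.
ORIGINAL = r"C:\Users\victim\Desktop\output.1301364.old.exe"
DROPPED = r"C:\Users\victim\AppData\Roaming\Ofer\ivtu.exe"
EVENTS: List[Event] = [
    {"id": 1, "pid": 1001, "ppid": 500, "image": ORIGINAL, "cmd": ORIGINAL},
    {"id": 11, "pid": 1001, "target": DROPPED},
    {"id": 1, "pid": 1002, "ppid": 1001, "image": DROPPED, "cmd": DROPPED},
    {"id": 13, "pid": 1002,
     "key": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Ofer",
     "details": DROPPED},
    {"id": 1, "pid": 1003, "ppid": 1001, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": f'cmd.exe /c del "{ORIGINAL}"'},
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.IGNORECASE)
DEL_CMD = re.compile(r"\b(del|erase)\b", re.IGNORECASE)

def analyze(events: List[Event]) -> List[Tuple[str, str]]:
    """Return (signature, detail) pairs in the order they are observed."""
    findings: List[Tuple[str, str]] = []
    procs: Dict[int, str] = {}    # pid -> image path, from ProcessCreate
    dropped: Dict[str, int] = {}  # lower-cased path -> pid that created it
    for ev in events:
        if ev["id"] == 11:
            dropped[ev["target"].lower()] = ev["pid"]
        elif ev["id"] == 1:
            image, cmd = ev["image"], ev["cmd"]
            procs[ev["pid"]] = image
            # A process whose image was written earlier in the same trace.
            if image.lower() in dropped:
                findings.append(("Executes dropped EXE", image))
            # cmd.exe deleting the parent's own image: self-removal after dropping.
            parent = procs.get(ev["ppid"], "")
            if (image.lower().endswith("\\cmd.exe") and DEL_CMD.search(cmd)
                    and parent and parent.lower() in cmd.lower()):
                findings.append(("Deletes itself", parent))
        elif ev["id"] == 13 and RUN_KEY.search(ev["key"]):
            target = ev["details"]
            sig = "Adds Run key to start application"
            # Escalate when the autostart value points at something the
            # trace itself wrote, or at a user-writable location.
            if target.lower() in dropped:
                sig += " (value points at a dropped file)"
            elif USER_WRITABLE.search(target):
                sig += " (value in user-writable path)"
            findings.append((sig, f"{ev['key']} -> {target}"))
    return findings

if __name__ == "__main__":
    for sig, detail in analyze(EVENTS):
        print(f"{sig}: {detail}")
```

The rules correlate across events rather than firing on single records: "Executes dropped EXE" needs a FileCreate followed by a ProcessCreate of the same path, and "Deletes itself" needs the parent image to be resolved from an earlier ProcessCreate. Real Sysmon output would be read from the event log or a JSON forwarder instead of the embedded list; the rule bodies are unchanged.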

MITRE ATT&CK Enterprise v15
