131066d63d393f0081a5e5ae68c09c75b4de42368caed2ecd5e5a8c0c17d4a66 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

ZonaSetup6...R].exe

windows10-2004-x64

7

Resubmissions

20-07-2024 14:34

240720-rxfh9azgqb 7

20-07-2024 14:30

240720-rvc1ca1brk 7

Sharing

General

Target

ZonaSetup64[6UCQR].exe
Size

182.7MB
Sample

240720-rxfh9azgqb
MD5

140fa16f46383a496232215d1a95bf86
SHA1

f4ed05b78fa59eeea7eb52d83190ec7403b0859d
SHA256

131066d63d393f0081a5e5ae68c09c75b4de42368caed2ecd5e5a8c0c17d4a66
SHA512

85f31e57b8f5201a6c82afb0734852f79f198c2747293788f1cd7c2f9c9a030a264c819c1c437cbbcac079fcae3fce59513caf112060f02e515cb35d53537729
SSDEEP

3145728:cqkUZfZDemxdcU8+m/PeW0+o6fAsrUvj073vNyLlqbLK82oUprahTGWhhuiS5RSl:0WpEn+8MsfAsrUL07vwlOK8nUpmhTThH

Score

7^/10

discovery evasion spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ZonaSetup64[6UCQR].exe

Resource

win10v2004-20240709-en

discovery evasion spyware stealer trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  ZonaSetup64[6UCQR].exe
- Size
  
  182.7MB
- MD5
  
  140fa16f46383a496232215d1a95bf86
- SHA1
  
  f4ed05b78fa59eeea7eb52d83190ec7403b0859d
- SHA256
  
  131066d63d393f0081a5e5ae68c09c75b4de42368caed2ecd5e5a8c0c17d4a66
- SHA512
  
  85f31e57b8f5201a6c82afb0734852f79f198c2747293788f1cd7c2f9c9a030a264c819c1c437cbbcac079fcae3fce59513caf112060f02e515cb35d53537729
- SSDEEP
  
  3145728:cqkUZfZDemxdcU8+m/PeW0+o6fAsrUvj073vNyLlqbLK82oUprahTGWhhuiS5RSl:0WpEn+8MsfAsrUL07vwlOK8nUpmhTThH
Score

7^/10

discovery evasion spyware stealer trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionspywarestealertrojan

© 2018-2024

Terms | Privacy