dffb606169831b2baea5de7c081ea21f11dfd70224ba90e3f39d4734981b02c6 | Triage

Sharing

General

Target

zhongaclient by zhong 0.0.7 p75.zip
Size

368KB
Sample

240725-xjp4esxhkj
MD5

0a4f29f19879fd63a98f125d33f60284
SHA1

1bc147acd3ad050585f90e039aa88b98f1f83fde
SHA256

dffb606169831b2baea5de7c081ea21f11dfd70224ba90e3f39d4734981b02c6
SHA512

9deba320868369c752a89a0ef81ce79a27c8b3ec3da327572ec725bdaa235cc62c0c382448ce65d9738ee78030c027d453c76ea26386d9f7ad7a9190dda2dc62
SSDEEP

6144:++noRyVSfcmb9wlmpWv09Opc2fKVFlPTu+wN0mETwCLxl4A24pHIhyc2:+CgLal+61p9ClyN7KCKHIQR

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  zhongaclient by zhong 0.0.7 p75.zip
- Size
  
  368KB
- MD5
  
  0a4f29f19879fd63a98f125d33f60284
- SHA1
  
  1bc147acd3ad050585f90e039aa88b98f1f83fde
- SHA256
  
  dffb606169831b2baea5de7c081ea21f11dfd70224ba90e3f39d4734981b02c6
- SHA512
  
  9deba320868369c752a89a0ef81ce79a27c8b3ec3da327572ec725bdaa235cc62c0c382448ce65d9738ee78030c027d453c76ea26386d9f7ad7a9190dda2dc62
- SSDEEP
  
  6144:++noRyVSfcmb9wlmpWv09Opc2fKVFlPTu+wN0mETwCLxl4A24pHIhyc2:+CgLal+61p9ClyN7KCKHIQR
Score

4^/10

discovery
behavioral1 behavioral2
- Target
  
  zhongaclient by zhong 0.0.7 p75/background.js
- Size
  
  15KB
- MD5
  
  f9d2303aeafd9bef0b03f158f63d7605
- SHA1
  
  ff627b12e65fbb0499e735470282a8c13808a5c3
- SHA256
  
  83501b8e828a7ff4e8f45a8521f38cf04aa7a0f1ca0303b558f12ea8e27cd644
- SHA512
  
  c3f932d939962c1c924c10c80df4eac5765340a8b49460aa8083daf94ce25b9a865433542f2c14e1189e83ff11ad8191c05050f6de29012f44175c2d755ec6a9
- SSDEEP
  
  384:hHffdpYjQG2uEcbt8HKMjkE/NqniOEsAJyGbUETt/ukS:hHffdpYjThFFYOmukS
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  zhongaclient by zhong 0.0.7 p75/gui.html
- Size
  
  3KB
- MD5
  
  579fda3fb52b5aeb23c82956763d9494
- SHA1
  
  7e653d6b58761341e439cbddde009cc872026d6b
- SHA256
  
  bdfffc60dbd1c8befe10367dfc04d1a7275431d10da98639ad3213142277dcbf
- SHA512
  
  90bf6168c5f63feff6da58d1cdfb72e949bb7f43f6d3a22a1b168c12e3b77de994d7286205a4d15efffae9a364b6c1d5c6b602a249279fa1efe6249e1484b40f
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  zhongaclient by zhong 0.0.7 p75/index.html
- Size
  
  47KB
- MD5
  
  beca50a7c48fa77be6fc2a8f93668554
- SHA1
  
  cc74fcae54f68407836f9ecb6ce6e486272c1b31
- SHA256
  
  c1fb67c55519b794f4a279903daa509f434b8d98534d72652b7d6835fede0d1e
- SHA512
  
  105eb9c74d231cdabdfa1943605db20d5af2b9d3b5a4c2e75262a98ebfa822d4e4c2418447b314dffb76eaf5f698844f943f78ae653d1fc8b4b13e53c05114e6
- SSDEEP
  
  768:JZniR6FbjoviJxiC+uMRO68ZNHr+WYxmrU7eFdULC9lkBC0:JZi4FbjRinuMVKNaErU7eFdUL2lkBC0
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  zhongaclient by zhong 0.0.7 p75/inject/main.js
- Size
  
  1.3MB
- MD5
  
  c3297d7ed1105aff7d21cef81b0e7183
- SHA1
  
  64bf427e26e8891b9254edf05d15b8d556c79fe5
- SHA256
  
  049a6a84adcfb1460ba8a334c6d12157f3c629b3891a535fc1d2d07e8ef8d779
- SHA512
  
  88cc618a25ff4d23a62f81802cd3d41d85de3c5c51aa0525ec14bcc179f2dd5fffa1e2d83ccd85c3711993ec031d3f165c25f7594aa27389d3cc992adc7a1871
- SSDEEP
  
  12288:8BELf3E5dwWEU5WW2YWMEyna5d5XCKI4e+p+/+O+r+U+OZtUfcJL06J6SoBskdZ6:8BELf3hwYPe9BoMVQfgtjpuk34hXcjM
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  zhongaclient by zhong 0.0.7 p75/inject/mid.js
- Size
  
  1KB
- MD5
  
  50bf7f38591a8a53261795137e4d3dc7
- SHA1
  
  2164e39992331bd479f4838b83d99e9dba7fb90b
- SHA256
  
  ff8e4002b8b70a69d16d8bc359eb53b5ccd63a1e4ceaef1f020d29832e6dd86b
- SHA512
  
  7daff15ab24e98a4d386abb2204860d91b71195e292e25f31dbebeec55464645b373ca457fe91f9b6d812720d7d306cdf2d5a583abe7b4ef71ce6fed6bd50ac8
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  zhongaclient by zhong 0.0.7 p75/inject/ws_mitm.js
- Size
  
  1010B
- MD5
  
  8260cd7531173e7f2914cc27e2eaf8ee
- SHA1
  
  b18adb75298cf850cb916eaf2aeafa7f58b57dc9
- SHA256
  
  4102a74296d51ad054ee7713df852e973a1e51d5676ed11346e2e914a03e8d4c
- SHA512
  
  3899f3dbc274fadf8ac6e0d92c068e2ceea95026b8014eb8301312c75fd9ebdd2bb15091692ecb5f978cc94f002b94cb86660ce99b7724d7c148e46c92a204a4
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  zhongaclient by zhong 0.0.7 p75/libs/jquery.min.js
- Size
  
  87KB
- MD5
  
  dc5e7f18c8d36ac1d3d4753a87c98d0a
- SHA1
  
  c8e1c8b386dc5b7a9184c763c88d19a346eb3342
- SHA256
  
  f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
- SHA512
  
  6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516
- SSDEEP
  
  1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  zhongaclient by zhong 0.0.7 p75/libs/pathfinding-browser.min.js
- Size
  
  23KB
- MD5
  
  6e2e2ebce09d28dfef2caa600c10bd2f
- SHA1
  
  ee2d2629862c7a6e7446b1ed4682d5101e5e2fcb
- SHA256
  
  ae0e549fd29252e08e981f88103408dae671be17dececc5c5f175196c17e36f9
- SHA512
  
  ab1d5409eb84e7a62138d3da594df031060bcf4bd66b37948cb3ca12c98144120757397862b651345183867aee321d1b3bacd454d4383569f7c72386dc477740
- SSDEEP
  
  384:lxmE2EYC4BsNcHR2WFzTQZatJk6YD6EX9+hzGf:XmEWCD0R2WFzMZatJk6EnYRw
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  zhongaclient by zhong 0.0.7 p75/libs/socket.io.min.js
- Size
  
  42KB
- MD5
  
  2dd2f05aaab352fc37751c4f46f66b44
- SHA1
  
  7f8f08299f1ff467b7ad75477f6b9324abdb311e
- SHA256
  
  ede4fdbaa1ac707296953a78476c6f3225934a17e2491860abb2193c946cb591
- SHA512
  
  a712cc5ace04df7ad6f6d748868bdc0a9d9d0a8f64e10f1e1f0ec21138f28dd5dfe1a5fac2fb0406af8a74e24944500bafa1713685f1fa392c81b13be1366313
- SSDEEP
  
  384:ZZSoTCnZ7f0cD5WGYfWRqCMzNkiw7B4RWFG+ARbp2zhPL8cYdtfFG1aOUL9l5M0v:hTCnFmEmkBCkFGvMDiLFAbUf+rYf
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  zhongaclient by zhong 0.0.7 p75/loader.js
- Size
  
  19KB
- MD5
  
  0ff0247e64fd9f125cf6b7d6949cb27f
- SHA1
  
  9ebfdcff9a1725b6fa69c4a1a2a90bbebe8f0664
- SHA256
  
  8f4f0af4ed499da51b503d0797d49b363c95ae9a2d5117e6b8bebbfc116b12d4
- SHA512
  
  cf5f5fd96a3c434c9ffa851b6525525ff70da1461e4fdeac54c41c63f0c692cb833dd4d435eac4a3b3e5149bfb039e2a08e26d5a06bba73cfede6150bf882d10
- SSDEEP
  
  384:Ztu177SAUct7cEfZl3coPb1aOezDF8ABtSysxc0pG5QwY8ibXVq+Ax:3u1ygJcMZlbzhezx/LSyOQqXk
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  zhongaclient by zhong 0.0.7 p75/logo_t.png
- Size
  
  20KB
- MD5
  
  4dfad1d39dce947a1d32d0cd81858179
- SHA1
  
  8a43ac3b8e95b917a8dadfdad6b91b4940025903
- SHA256
  
  8a90b83ba4bc4c4efa0910104804705961a7c78d2c05638e6a3dd9a84ca98ee0
- SHA512
  
  618140423c675b1e803509fc87eea5b74608c137498bfa731f81b1c9d51717e563ae96ff3f7ba39063ce1d059e81d6e8570736d6defe5304ff93de5c511f7a5b
- SSDEEP
  
  384:6blXa5kJNIotuo2pFMlmfui3/RwtOYGHLo2BI2pmC5O3ucFIGvctvxgggggggggs:AWkYameKJ3/RrYi1mC38hE5ggggggggJ
Score

3^/10
behavioral23 behavioral24
- Target
  
  zhongaclient by zhong 0.0.7 p75/main1.css
- Size
  
  115KB
- MD5
  
  68194f5ef60e18898f979aea8c51e77e
- SHA1
  
  f4ef53e3e65f1083781840c67ce7753f6347bae4
- SHA256
  
  393a3de3bbf299645795394feef5258fd3dfae36e2caac5d9257b2491803c460
- SHA512
  
  6785df06cc570ff8d3387511d49729daefc7eb4d96aecb82cc41e45cf6bfdd35ab44c3f34d7fafe8e913ae76b3f15ab5972bf00254bb26501d77af4adc7c0dfb
- SSDEEP
  
  3072:pMQg/ZUnePf/ujy3f4cePf/ujy3f4Z1g5xhZcdx2CJQVdpV4JVC6RghZhhEVpumN:pMQg/ZEePf/ujy3f4cePf/ujy3f4Z1gC
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral25 behavioral26
- Target
  
  zhongaclient by zhong 0.0.7 p75/manifest.json
- Size
  
  794B
- MD5
  
  2e164252232daaff953ec9c071f3921f
- SHA1
  
  99d67eafb0342b9d4b42b05c25f13d9f821e878d
- SHA256
  
  efb0e5d483e644f6fb8fc58ff4e87bf6f12d66d681b1cd52d53f130b17b07116
- SHA512
  
  236c3e553b846bdd4d135a74cbb048637bb251cc0f97f179609fb3b3ecbc5a65d73ccdbe75a904204948fcc48d01683122abf90329f35f16e00617a3d2749a55
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  zhongaclient by zhong 0.0.7 p75/popup.html
- Size
  
  10KB
- MD5
  
  f7c5f233fa1be11f3ff50051a012f61f
- SHA1
  
  10a5d0d47399965d4cc94902a808d77aad7ed775
- SHA256
  
  499262af8224209d856b705ef7dc80df3fbe041ef6e78f45732750a8a6708a08
- SHA512
  
  f614092dc7bee9f146d926c782b1e28c0ed9db373f4b05f3ed4910b2b8f5a1abccbc00f2a6ac5be14dc875801ea74df33d5ce273729697e5eef52fa2920e8c60
- SSDEEP
  
  192:f1GDpcqCZWeQdRcRgoQoFSZ5Biq+ivDfneAJUjXwwrg:fuXi0v+to
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  zhongaclient by zhong 0.0.7 p75/popup.js
- Size
  
  7KB
- MD5
  
  343b3b73088f1dfc3f88886080ae44df
- SHA1
  
  432a33c6823dd0d099129b2401ffda09f59370ec
- SHA256
  
  2e9abaf3cd8aa9c1cbc5b8fd90aafb9a645923a4625d35b4cdc34b8660ca18c9
- SHA512
  
  5bdba28e76cd02625fccc9a5e82c7b5b22028d5c22d0d2b1582474e00bd1eeea97f68d5bbcc11b5b0dbc7da8e34feae2c8694f770a4deb68a39f0c59b08d1feb
- SSDEEP
  
  96:9dMGD8zFu2F63Fr2OHmsFr2OHcJhquYj0KC/CileEULJGB4FFFkKnNApBr/aRcJi:9RtLHTLHyo1icsBsXcJ1B5zA
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32