177c0d44829888987f89988f21973d8364853a864103d5bda9269e2b82e4bc37 | Triage

Sharing

General

Target

Zeus-translation.zip
Size

11.4MB
Sample

240817-b3al7atbjp
MD5

e1d831fe3a59fe4fc14970ebce66f277
SHA1

6d54593953b4a0f40ea22897926afa1d48ad4e06
SHA256

177c0d44829888987f89988f21973d8364853a864103d5bda9269e2b82e4bc37
SHA512

cfe7997775e4d72e4821b83c1802ac05cada38f881986bfaf08da43fcc1572ef4056da019651213a2a91ba8e47031614d2536feeaabf0982a7f8b0c44119a2fd
SSDEEP

196608:es7N5W144Abhq/vAmgQdGQXKvNa7hI3C6XI8d7IwHehJxysBLncEp1ObaADGgJ:37NiF/vAmgSheSIRfhdHOxh7p0a5W

Score

7^/10

discovery execution upx

Malware Config

Targets

- Target
  
  Zeus-translation/temp/server/php/lng.en.php
- Size
  
  5KB
- MD5
  
  f0946e19307613b2e6e56e93bea22a63
- SHA1
  
  b99accf0c2ddc87fe53c3b339cb2cb32c62d5698
- SHA256
  
  3ee9f450f60ac14ca18557a07a29867f7e2aa351a4d42921086a1bce45d9661e
- SHA512
  
  2e3ea53f2d736f8cd1caececf072d3d556db35487c18671d643823ad373ede80912dfa1e625180ac729265a30b3f38743f8a08033814c5aae1fcf678bc4d0d51
- SSDEEP
  
  96:dMRHyg7GiODubz3zZsY5TZlQvCTmTr8rIuocoDWW9f3rqa8bXcCb34xClUvs8XYm:dMwSGiODC3z30s6YKcc
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Zeus-translation/temp/server/php/lng.ru.php
- Size
  
  6KB
- MD5
  
  653f677acc91009d3128c8cb0bd4c43d
- SHA1
  
  25ce194321d39d0b4b6c2c66f7b92fee5bceb088
- SHA256
  
  c21ee402a0feb825eeccd8932642805ad93510e770aa5833112e093505297103
- SHA512
  
  bc1f018a2d41d6263130b4834dff86f7a2f49e52ab76b0062b2b9767bd6b76d3c7f3ef0a8eef8a103bdc846612cd4260c6c714f880c90a8f7b2c652348cafae3
- SSDEEP
  
  96:di9HCg7Xt5DWnUmZpZ/OzZlQFTmjxRuccytM+E+33T3YbWLU3CKbAJAeJi4H4fF8:dPSXt5DJiyLdIFz5YFH3
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Zeus-translation/temp/server/php/reports_db.lng.en.php
- Size
  
  2KB
- MD5
  
  775df9bde4761bc29c19ea11e558d597
- SHA1
  
  deb7d053c75dd8b4e4147e2b9895be3cd97ee9d2
- SHA256
  
  cda7115039d3e50fe1fa7c45fd99a1396c3bc81229800eb7f1602774f524a87d
- SHA512
  
  d61512c148611915661dd66faae4418929b8c77a228fca778893f4b04963f796d282a2a1ae6b8d1fa733233ab315a2ad145b6d618072e7ce9fb5cdc4ef3d9690
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Zeus-translation/temp/server/php/reports_db.lng.ru.php
- Size
  
  3KB
- MD5
  
  7f53a36e28d8c5cacca5d32935599b07
- SHA1
  
  d16780498f76de511b182eba8bf24902db6d98bd
- SHA256
  
  ef7b360c1a01f5fbcafbb6bfaa7fbc31f03e79db7a839a110598cd59bee66f86
- SHA512
  
  b23a80f8ef01b7f6fa629eda854464907cbb02b5919bc075aef66c7fac6115f3bf051d0e634548d45635b15fecd0fdff6989157d4267782d4c6f26957b097c6a
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Zeus-translation/temp/server/php/reports_db.php
- Size
  
  35KB
- MD5
  
  44dd114a58f16f487d37721e8efa076c
- SHA1
  
  df8b574223ab35edde29b55ce61fdff470063c8f
- SHA256
  
  5612864760a625413d76b09d29068667accd6fa7c7b1b096288753a5757e5f0b
- SHA512
  
  6024ac282c4dbe83349cfd42e6f74f3894fb2de3d21c309bd6648953c9cc17b5d4b2425786d13f25db816f6b3337ef584c47c357b9887479576519a4e9ea7ce7
- SSDEEP
  
  768:AN540kNZfaszjd4SR/UNvyTHT/T6TFDoNvzjowfEhc88:/Zfaszjd4x5uD
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  Zeus-translation/temp/server/php/reports_files.lng.en.php
- Size
  
  1KB
- MD5
  
  aaae1f41d9d02df177c973a015b8ccca
- SHA1
  
  b016190ce91877874bfad44b8f497e160c362b14
- SHA256
  
  542bd110da4095f0c8fa6ed5b075faa2becf70b68e2a4bdfe4b6db53baa3dc5e
- SHA512
  
  2fdf94a50164f6b9890e52fd04e1220c3c1273a83885c2106acc8c96d6723c0f87741ce44b96682e3806e99a2679b488ac82eac5eb09bf7e399de41c3d69ff31
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Zeus-translation/temp/server/php/reports_files.lng.ru.php
- Size
  
  2KB
- MD5
  
  35b9bdc91f40d8ade44fb9c84b3616d5
- SHA1
  
  226121c0dc33d2396f6eb0fbb6fca3e0920e3b95
- SHA256
  
  8a9fafd383005a4b6b17c13ec8c81e21e6c63ea05393c43614a4fc68c9fda87b
- SHA512
  
  136b7327bb8d8eea8f53ce8000d2b799fad3fb4a5eaeae9b46ae7cb04a0bda3f998965649f4308a9497bde762bb6090495d2cd94d91715d2f7045dcacd41a86b
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Zeus-translation/temp/server/php/reports_files.php
- Size
  
  25KB
- MD5
  
  b068946cee6a626fafc66d1b7b56edca
- SHA1
  
  f8d0d9d63460e1b28b5503cbbe1935f3eef5022b
- SHA256
  
  64b204bbaae678481f669c2ace4338ceec9bd30a1df600f698210fe2ce90f9cc
- SHA512
  
  0ad0fecbce8747131278146d2d7acfff02753548074eba75ebc11f33990b7794d1bf34930f51e280bc311056fd640a0a8035e8dcf12a3d3b3b38f3d6e01f6ef8
- SSDEEP
  
  384:RQki93zqD/T4TX/4xG1gbhQZJzn6x84pCtgixQtIi2PA6Im4CgNr:RViMbT4TXgM1gbhQc84kaiiyi2BImiNr
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  Zeus-translation/temp/server/php/reports_jn.lng.en.php
- Size
  
  845B
- MD5
  
  4509dad4502d80dd4c65ef95ef74b715
- SHA1
  
  3bd42880ca1e3925d4821f18d810895d268a4cd4
- SHA256
  
  be6d8a108497ac5e02e80df0f9ab84dec96861314df33e4dc711500ce320eeb8
- SHA512
  
  9ed7d3ab4198a73a2074eca7cfbebe715a2b2d65a06b408551220917a4ca5391462cf0daf5baccd715b7a4a5ae02e179cfc949b149f729541e4fb1216fb5482f
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Zeus-translation/temp/server/php/reports_jn.lng.ru.php
- Size
  
  1KB
- MD5
  
  b4535923384a8a39ec9475db7f86bdb1
- SHA1
  
  3f632ebd516efb17d54d96ba48b8bd6b9845cd60
- SHA256
  
  fbf4f0b68a1596a6b383aa886fcf70c05672319da9a6d99ed883d12209b919fa
- SHA512
  
  95359d6f50917712893144140250d00adba5f5d7979a7d688b5310e59d6ecdfd45b9340654fbd348bc2ecdef36d48077f146f5bb400335acbfe145fdbac4c624
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Zeus-translation/temp/server/php/reports_jn.php
- Size
  
  6KB
- MD5
  
  03cd43dd61b907d05cda58c69e08ee9f
- SHA1
  
  dcf90f10677b408237cc651fd49440bc2033f623
- SHA256
  
  c2092dc124047cfb98c8a57c68d1b596d3cc15d605864f1bbd7eebc511dc2986
- SHA512
  
  41c089b2e0146fd1632aad5eb81e9059040294ed124745f17edfbc80f20b909ef8a83f0e6a78f71933f24d473fa26e2d10d61f20e1d6121d4a6587603cca117d
- SSDEEP
  
  192:JeZRdO+MIA+i5L8Kv+uJ0M7u6VrCy3YTDo:4WXIAXfW0r8Ts
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Zeus-translation/temp/server/php/stats_main.lng.en.php
- Size
  
  978B
- MD5
  
  a15f315569ed8227d0855c62194fac63
- SHA1
  
  aacf2bc406ae54761f43dc51847b1b96a87970ea
- SHA256
  
  fc674619b42fb2c3642406b7f0eaa6d793f2630c1703fced2b6b17abab28f27a
- SHA512
  
  e8ae326f1f3204268352e523bc3aa648eb54048ef98cdb07cd7007981180f1590df1523d9d4c6577031ba87984d046e854df48ed35e399a9c97de94ed788002b
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Zeus-translation/temp/server/php/stats_main.lng.ru.php
- Size
  
  1KB
- MD5
  
  67e3089776d058716213bee0cca6ed14
- SHA1
  
  37289553933355664abe853439a6bbab89b4c58e
- SHA256
  
  a4a15fdacfa3bfe4b3e4dc5c351d9ed2592862bfe7f4f67c81ec8e6d1d02a3c5
- SHA512
  
  deccb1da3fde9df60d873e1b39a02210024d75a80e787243151101c592e0fd08aa68fce951f7ba4b6fb3dfb52acbabe404b8726fce4bc177ad61c121e70514e1
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Zeus-translation/temp/server/php/stats_main.php
- Size
  
  9KB
- MD5
  
  a83b4bf2ecbd81651b52c25b1c09d922
- SHA1
  
  c81cb07eb32aa242c3b9a73b14ab053bbc2ca871
- SHA256
  
  899153833618bf54a122e8a64d823f2744c4064675fff1f592e0d6ddb4d591a0
- SHA512
  
  05d61a4166f2b6703dcdce05f7b861822df7dfb0d290f123e6322a5f63ad0d48abddd90c5f93191094fb5fb710cbe35ba8149ec0678e9834e1ae82c354a7b02f
- SSDEEP
  
  192:b+WgObKnhv/UDQm6FaUNebjEyDeb2s4sMn+kbmLcnUd:3bKnd8Qm6QUNebj3eb2lSkbQcUd
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Zeus-translation/temp/server/php/stats_os.lng.en.php
- Size
  
  194B
- MD5
  
  2ba8b0a8548b40a42aa8cc6a4292f17b
- SHA1
  
  3415abc3d8ade2b6d360cd3ec3afbae7d0f0f7f4
- SHA256
  
  e49d4eea5768511e054b6888244813809d8c02c49ecc062fa8f825f96ce87ff2
- SHA512
  
  3c03c1806dd0b17c6607880ce820b6d12935db57a4de871459c826aae70b4672c36a312978e68e8cf3b39d374b2582073047e02dba038999cedaf6e4c9f3991c
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Zeus-translation/temp/server/php/stats_os.lng.ru.php
- Size
  
  220B
- MD5
  
  961bdcb842a5ea58fe0659f480c90546
- SHA1
  
  e6a558394e300e63d5412981ffbb0b1c62bac03e
- SHA256
  
  9d3fb5719d5e10211fdccead96705f7fa1c2d6df163b59cce4af2c8039e0c53d
- SHA512
  
  ecd035a7a406fdfe66e88dc86f156127919a83f62479bda29c10e8e5ad23082e703fa65ba8798908b6ec0833300c5294eb1cd9854c035470302896e049403803
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32