General

  • Target

    ZOBABAFİXER.rar

  • Size

    100.3MB

  • Sample

    240817-ydsg2awbkp

  • MD5

    5319c2f3fc7ca165b8d90be868fef0f6

  • SHA1

    bf13fb9e95e388a98ea07b4852e75a5c6da21b55

  • SHA256

    425b0da09fc7e60cf9d93415271cb9471730f31aeb28396cbbb5d93c7ccbc09c

  • SHA512

    296f31da2fdd6fbbbfa14cc9b9ff194c2f4c26c2b80892df7a779ee497cc4de91b915e81efaaa851c2f4b0ad4ee38aacdbc203a8bef4df7dcebf7280957376b5

  • SSDEEP

    1572864:jdEm+MZWyd9rwA1q8zNGA+bKDk020Qhs0zT3QsibjOiHPuX8dcaGDVPwOY+dvb:jRYKN53r40MLQpi6PdcaGDVPwOYwvb

Malware Config

Targets

    • Target

      ZOBABAFİXER.rar

    • Size

      100.3MB

    • MD5

      5319c2f3fc7ca165b8d90be868fef0f6

    • SHA1

      bf13fb9e95e388a98ea07b4852e75a5c6da21b55

    • SHA256

      425b0da09fc7e60cf9d93415271cb9471730f31aeb28396cbbb5d93c7ccbc09c

    • SHA512

      296f31da2fdd6fbbbfa14cc9b9ff194c2f4c26c2b80892df7a779ee497cc4de91b915e81efaaa851c2f4b0ad4ee38aacdbc203a8bef4df7dcebf7280957376b5

    • SSDEEP

      1572864:jdEm+MZWyd9rwA1q8zNGA+bKDk020Qhs0zT3QsibjOiHPuX8dcaGDVPwOY+dvb:jRYKN53r40MLQpi6PdcaGDVPwOYwvb

    Score
    3/10
    • Target

      ZOBABA FİX/ZobabaFİX.exe

    • Size

      71.2MB

    • MD5

      2ab8ccf6178b139afeeb6a12fbab951e

    • SHA1

      77a351e80c350dabacebe318971533f81ba966e3

    • SHA256

      508c55d767aa79cb9367be392a1eeecebb8cbb94a08af7f6782bc7a5a3022177

    • SHA512

      c04a2a4a9cce73393a6e8fcfc734bb39c433ea48a8981808852c196c4a7ed0c935c16327d5052d0cda8aed3cf8835b62dca7a12f95a5476370c671d21596e293

    • SSDEEP

      1572864:FuR01CpnLX5WJoWbgWRSgkNOXWxtQSNriIG2qHWB75iVdRWhLr:sR7pLX5M3gbcKCkG2qHO5iVLyL

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
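    The two signatures above that matter most for detection are the browser credential-store reads (T1555.003) and the Active Setup persistence key (T1547.014). The following is an added example of detection logic for both, not code from the sandbox or from the sample: it runs over constructed Sysmon-style file-read and registry-write event lines (format `kind|process_image|target`, invented for this example) and flags browser-store reads by a non-browser process and `StubPath` writes under `Active Setup\Installed Components` by a process outside a small installer allowlist. The process and path strings are constructed, not taken from the analysis; the allowlists are assumptions to be tuned per estate.

```python
"""Detection logic for two behaviours flagged on ZobabaFİX.exe: reads of
browser credential stores (T1555.003) and Active Setup persistence
(T1547.014). Added example, not sandbox or sample code; the event lines are
constructed to resemble Sysmon-style events and the allowlists are
assumptions."""
import re
from dataclasses import dataclass

# Browser profile artefacts an infostealer reads (Chromium and Firefox stores).
BROWSER_STORE_RE = re.compile(
    r"\\(Login Data|Cookies|Local State|Web Data|logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)
# Processes that legitimately open their own credential stores (assumption).
BROWSER_PROCS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe", "opera.exe"}

# A StubPath value under Active Setup runs at the next interactive logon.
ACTIVE_SETUP_RE = re.compile(
    r"\\Active Setup\\Installed Components\\[^\\]+\\StubPath$", re.IGNORECASE
)
# Installers that legitimately write Active Setup entries (assumption).
INSTALLER_PROCS = {"msiexec.exe", "setup.exe", "tiworker.exe"}


@dataclass
class Alert:
    technique: str
    process: str
    target: str


def parse_event(line):
    """Split a constructed 'kind|process_image|target' line into its fields."""
    kind, proc, target = line.rstrip("\n").split("|", 2)
    return kind, proc, target


def detect(lines):
    """Return one Alert per event that matches either behaviour."""
    alerts = []
    for line in lines:
        kind, proc, target = parse_event(line)
        image = proc.rsplit("\\", 1)[-1].lower()
        if kind == "FileRead" and BROWSER_STORE_RE.search(target) and image not in BROWSER_PROCS:
            alerts.append(Alert("T1555.003 browser credential store read", proc, target))
        elif kind == "RegSetValue" and ACTIVE_SETUP_RE.search(target) and image not in INSTALLER_PROCS:
            alerts.append(Alert("T1547.014 Active Setup StubPath write", proc, target))
    return alerts


# Constructed events: one benign browser read, one benign installer write,
# three stealer reads, one stealer persistence write, one unrelated read.
SAMPLE_EVENTS = [
    "FileRead|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "FileRead|C:\\Users\\u\\Downloads\\ZOBABA FİX\\ZobabaFİX.exe|C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "FileRead|C:\\Users\\u\\Downloads\\ZOBABA FİX\\ZobabaFİX.exe|C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network\\Cookies",
    "FileRead|C:\\Users\\u\\Downloads\\ZOBABA FİX\\ZobabaFİX.exe|C:\\Users\\u\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x.default\\logins.json",
    "RegSetValue|C:\\Windows\\System32\\msiexec.exe|HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{ABC}\\StubPath",
    "RegSetValue|C:\\Users\\u\\Downloads\\ZOBABA FİX\\ZobabaFİX.exe|HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{DEF}\\StubPath",
    "FileRead|C:\\Users\\u\\Downloads\\ZOBABA FİX\\ZobabaFİX.exe|C:\\Users\\u\\Documents\\notes.txt",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"{a.technique}: {a.process} -> {a.target}")
```

    Against the constructed events this yields four alerts, all attributed to the stealer image: three credential-store reads and one Active Setup write. The process allowlists are where false positives are traded off; a browser updater or a packaging tool may legitimately touch these locations, so pair the rule with parent-process context before paging anyone.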

    • Target

      ZobabaFİX.pyc

    • Size

      81KB

    • MD5

      15df2953ae42e2cb037c4603787ae9fc

    • SHA1

      d0c962f600be2b4c4a35884c69711ecab8e4b0d8

    • SHA256

      50c3465ed16cdd9407de6f12d9bdc79cd91a84a39dfb8b034679a30bb2cf5c4c

    • SHA512

      7ba0b789c1bf75ce3ee49b3055c4d7ca3e7b4a01974f946ce1a54261c8d3e3904f932783d36fc44d37ea094296ab3534fec3fa9d83eb1b539eab5125e702637c

    • SSDEEP

      768:L86/VsT/+wcdmRIypY38T9/KMfrKHz9ME3yRxF+0OoYhHgrxUbXrE/ziztD5WHBB:L94OmqyppqHiR0ArMHaoPCaKR8Te

    Score
    3/10
    • Target

      ZOBABA FİX/source_prepared.exe

    • Size

      31.4MB

    • MD5

      64d6f8d1f6b1f2f1400f07697b6ebce7

    • SHA1

      767eb344d49ff18a33dc1fae6371129342d520ba

    • SHA256

      41dc3558997b34d434ac1bcf46bea5f2541ec41d5ae19cba382038657269f2ef

    • SHA512

      cb381a26d3e677de3ca925773df431c62a560e8cda8de72c00b38560c69bc69395703fb3c06910fc95893dd3f036f70dc6ae0ff1db53b036849af7d4dfd3f5bb

    • SSDEEP

      786432:r9Z9HcYW82h7vDadbZzcY876t9esK8vIieA7mG4mE:RvHcYWjh7vGdRE7oEX3NGz

    Score
    9/10
    • Enumerates VirtualBox DLL files

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
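    A stock UPX build names its sections UPX0/UPX1, but a modified build (which the signature above also covers) usually renames them, so a static check has to fall back to section entropy. The following is an added example of such a check, not the sandbox's own detector and not derived from the sample: it parses the PE section table with the standard library, flags stock UPX section names, and reports any section whose Shannon entropy exceeds a threshold (the 7.0 bits/byte cut-off is an assumption). Because no real binary is embedded, `build_minimal_pe()` constructs tiny PE images as test fixtures; the high-entropy payload is generated from SHA-256 digests rather than taken from any packed file.

```python
"""Static check for the 'UPX packed file' signature: stock section names plus
per-section entropy for renamed (modified UPX) sections. Added example, not
the sandbox's detector; the PE images are constructed fixtures."""
import hashlib
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
HIGH_ENTROPY = 7.0  # bits per byte; assumption, tune against your corpus


def shannon_entropy(data):
    """Shannon entropy in bits/byte; 0.0 for empty input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(image):
    """Yield (name, raw_bytes) per section; raise ValueError on non-PE input."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", image, coff + 2)[0]
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_opt
    for i in range(nsections):
        off = table + 40 * i
        name = image[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]


def upx_verdict(image):
    """Return (is_packed, reasons) from section names and entropy."""
    reasons = []
    for name, data in pe_sections(image):
        label = name.decode(errors="replace")
        if name in UPX_SECTION_NAMES:
            reasons.append(f"section {label} has a stock UPX name")
        ent = shannon_entropy(data)
        if data and ent >= HIGH_ENTROPY:
            reasons.append(f"section {label} entropy {ent:.2f} bits/byte")
    return bool(reasons), reasons


def build_minimal_pe(sections):
    """Construct a minimal PE image with [(name, data)] sections (test fixture)."""
    hdr_len = 0x40 + 4 + 20 + 40 * len(sections)  # no optional header
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table, body, ptr = b"", b"", hdr_len
    for name, data in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(data), 0x1000, len(data), ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        ptr += len(data)
    return bytes(dos) + b"PE\0\0" + coff + table + body


# Constructed fixtures: pseudo-random bytes stand in for compressed data.
HIGH = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
PACKED_STOCK = build_minimal_pe([(b"UPX0", b""), (b"UPX1", HIGH), (b".rsrc", b"A" * 64)])
PACKED_RENAMED = build_minimal_pe([(b".text", HIGH)])
CLEAN = build_minimal_pe([(b".text", b"hello world " * 300), (b".data", b"\0" * 256)])

if __name__ == "__main__":
    for label, img in [("stock", PACKED_STOCK), ("renamed", PACKED_RENAMED), ("clean", CLEAN)]:
        packed, why = upx_verdict(img)
        print(label, packed, why)
```

    The stock fixture trips on both the UPX0/UPX1 names and the entropy of UPX1; the renamed fixture trips on entropy alone; the clean fixture trips on neither. Entropy on its own is only a packing heuristic (a large embedded resource or certificate looks the same), so treat it as a triage signal that justifies unpacking, not as a verdict.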

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      b69e40762a4466ece89169b96d393c98

    • SHA1

      373367029cfc3301e6d33a1d54d6bdee6d4eeefa

    • SHA256

      dc4bb06d5aa0fe7da6f379003cb274ca6193582f191e99dc514f101348e86664

    • SHA512

      8a1812f2ec80a221245be05811834c0412680c30d6f76ac0e72d4658856d603aed2df8d67e841f8ed22593769631327fb732311d6a2b16abec45fcd616794b9d

    • SSDEEP

      384:YGC7RYmnXavExzG7WltcrhntQ5s6a2h12VA:YGCuvE8WltcrttQ5s6aCsVA

    Score
    3/10
    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      d5a564aa13edf19e4b8da18f88a26283

    • SHA1

      68ece76f35400e64f1765870fc767d79607c20fc

    • SHA256

      6342dfc52bf49dcfbd7c624dc366efbb965c750453f4e659eba0de320113575e

    • SHA512

      46e741bcd69110f999cee5fbd7ab7315fed90d0dfd86eaf34c728ab1a115ab057dfa3667d884487eb24ab845e81d8da50b45a9b4df5c69d63c26992618472459

    • SSDEEP

      192:kNal3eiNis9QfUFoxJvm79F211G6qPtAhN:kJiB2lrj7jqlAhN

    Score
    3/10
    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      204ee497021e32209ddde0c015b4dc19

    • SHA1

      6aa2c039e6b6fbfb3620d4fe42d115553702146b

    • SHA256

      a8355eef70645468d11a410d1402e0cab31a194e87172b523b1ff3dea5dbb0c2

    • SHA512

      961b15c0efe0478fdf9287e7b3b709233bcd9524be708f426b75dc91eb07ddfc2a2ce4f347d52a3e7402f5307ab755af093d660662fd3c4c465fd41e8d138d12

    • SSDEEP

      96:ySMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:LolvJ0evq+VBXZGh4vmV1kFhub

    Score
    3/10
    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      bbb6ab7b8230cca0ac46532a612143d0

    • SHA1

      4bf5ebb19c5807cfb4b48191ec65b329d67763cd

    • SHA256

      8655f8885fa28c9633563e0264e65206eae277fb020f85a836be27f0fc3d7ec4

    • SHA512

      21353818de5a2e192bcdb38e0765b675258ae733eb634c1b01fbf53dc22946b0eee127c975be7a63d20a8db2b87521fe0ed85f2ec09dcc2f3adf5a7fea0b180e

    • SSDEEP

      192:h114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:V4qWLfMtzVxDAEW7

    Score
    3/10
    • Target

      source_prepared.pyc

    • Size

      155KB

    • MD5

      08e24579b8fc3129d8a8578ee41f8153

    • SHA1

      f9c1eee7d19f666389f3d594236b2e521d5331ae

    • SHA256

      06bf0dd38f64dde0435646fbd7725f8a7dbec9871ce6d542196e98bd5ac9f192

    • SHA512

      54930f9ce666088ef087981f6ae1416f1a1469a7aa18508b4f19d1e31430d5a426f5a5fe5e4aadad88036d6e5c55df5d9d68727b77b893298682ea28bc77e273

    • SSDEEP

      3072:8FpRFaOOYxnysVxoQPZTJ0pZkgOxrUIvdXzEsZNm:8FnFaOOYxnHxobp7Oxrisi

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks