Overview

Analysis tabs, with the score badge shown for each (every behavioral task ran on windows10-2004-x64; names are truncated as on the page):
Static: 10
ZOBABAFİXER.rar: 10
ZOBABA Fİ...X.exe: 3
ZobabaFİX.js: 9
ZOBABA Fİ...ed.exe: 3
discord_to...er.pyc: 9
get_cookies.pyc: 3
misc.pyc: 3
passwords_grabber.pyc: 3
source_prepared.pyc: 3
General

Target: ZOBABAFİXER.rar
Size: 100.3MB
Sample: 240817-ydsg2awbkp
MD5: 5319c2f3fc7ca165b8d90be868fef0f6
SHA1: bf13fb9e95e388a98ea07b4852e75a5c6da21b55
SHA256: 425b0da09fc7e60cf9d93415271cb9471730f31aeb28396cbbb5d93c7ccbc09c
SHA512: 296f31da2fdd6fbbbfa14cc9b9ff194c2f4c26c2b80892df7a779ee497cc4de91b915e81efaaa851c2f4b0ad4ee38aacdbc203a8bef4df7dcebf7280957376b5
SSDEEP: 1572864:jdEm+MZWyd9rwA1q8zNGA+bKDk020Qhs0zT3QsibjOiHPuX8dcaGDVPwOY+dvb:jRYKN53r40MLQpi6PdcaGDVPwOYwvb
Behavioral tasks (all run with resource win10v2004-20240802-en)

behavioral1: ZOBABAFİXER.rar
behavioral2: ZOBABA FİX/ZobabaFİX.exe
behavioral3: ZobabaFİX.js
behavioral4: ZOBABA FİX/source_prepared.exe
behavioral5: discord_token_grabber.pyc
behavioral6: get_cookies.pyc
behavioral7: misc.pyc
behavioral8: passwords_grabber.pyc
behavioral9: source_prepared.pyc
Malware Config

No extracted configuration is listed on the page.

Targets

Target: ZOBABAFİXER.rar
Size: 100.3MB
MD5: 5319c2f3fc7ca165b8d90be868fef0f6
SHA1: bf13fb9e95e388a98ea07b4852e75a5c6da21b55
SHA256: 425b0da09fc7e60cf9d93415271cb9471730f31aeb28396cbbb5d93c7ccbc09c
SHA512: 296f31da2fdd6fbbbfa14cc9b9ff194c2f4c26c2b80892df7a779ee497cc4de91b915e81efaaa851c2f4b0ad4ee38aacdbc203a8bef4df7dcebf7280957376b5
SSDEEP: 1572864:jdEm+MZWyd9rwA1q8zNGA+bKDk020Qhs0zT3QsibjOiHPuX8dcaGDVPwOY+dvb:jRYKN53r40MLQpi6PdcaGDVPwOYwvb
Score: 3/10
Target: ZOBABA FİX/ZobabaFİX.exe
Size: 71.2MB
MD5: 2ab8ccf6178b139afeeb6a12fbab951e
SHA1: 77a351e80c350dabacebe318971533f81ba966e3
SHA256: 508c55d767aa79cb9367be392a1eeecebb8cbb94a08af7f6782bc7a5a3022177
SHA512: c04a2a4a9cce73393a6e8fcfc734bb39c433ea48a8981808852c196c4a7ed0c935c16327d5052d0cda8aed3cf8835b62dca7a12f95a5476370c671d21596e293
SSDEEP: 1572864:FuR01CpnLX5WJoWbgWRSgkNOXWxtQSNriIG2qHWB75iVdRWhLr:sR7pLX5M3gbcKCkG2qHO5iVLyL
Signatures:
Credentials from Password Stores: Credentials from Web Browsers (T1555.003): malicious access to, or copying of, a web browser credential store.
Boot or Logon Autostart Execution: Active Setup (T1547.014): persistence by adding a registry key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components on the local machine; the component's StubPath command is run once per user at the next logon.
Drops file in Drivers directory
Loads dropped DLL
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
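The Active Setup signature above is the one a defender can verify on a host with a registry export. The following is an added example written for this page, not code from the report or from the sandbox: it parses a `reg export` dump of the Active Setup key and flags StubPath entries whose command line references a user-writable location, starts a script host or proxy binary, or points at an absolute path outside Windows and Program Files. The sample registry text, its fake component GUIDs, the directory allow-list and the script-host list are constructed assumptions for illustration.

```python
"""Audit Active Setup persistence entries in a `reg export` dump.

Added example, not taken from the sandbox report. The registry text below is
constructed for illustration; the allow-list of system directories and the
list of script hosts are this script's own heuristics, not a published rule.
"""
import re
import sys
from typing import Dict, List

# Active Setup lives under this key (and its Wow6432Node twin on 64-bit Windows);
# each component's StubPath is run once per user at logon, which is why the
# report maps a write here to T1547.014.
ACTIVE_SETUP_MARKER = "\\active setup\\installed components\\"

SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\public\\")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe", "rundll32.exe"}

# Constructed sample (fake GUIDs): a system-style entry, an EXE dropped under AppData,
# and a wscript.exe launcher for a .js payload named after the sample's ZobabaFİX.js.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}]
"StubPath"="C:\\Windows\\System32\\ie4uinit.exe -ClearIconCache"
"Version"="10,0,19041,1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000002}]
"StubPath"="C:\\Users\\victim\\AppData\\Roaming\\updater\\ZobabaFIX.exe"
"Version"="1,0,0,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000003}]
"StubPath"="wscript.exe //B \"C:\\Users\\victim\\AppData\\Roaming\\ZobabaFIX.js\""
"Version"="1,0,0,0"
'''

# .reg files escape backslash and double quote with a backslash.
_UNESCAPE = re.compile(r'\\(["\\])')


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: string_value}} for the REG_SZ values in a .reg dump.
    Only quoted string values are kept; dword/hex values are not needed for this check."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries.setdefault(current, {})
        elif current is not None and line.startswith('"') and '"="' in line:
            name, _, value = line[1:].partition('"="')
            if value.endswith('"'):
                value = value[:-1]  # strip only the closing quote, not an escaped one
            entries[current][name] = _UNESCAPE.sub(r"\1", value)
    return entries


def stub_binary(stubpath: str) -> str:
    """Executable part of a StubPath command line: the quoted span if it starts with a
    quote, otherwise the first whitespace-separated token."""
    s = stubpath.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split()[0] if s else ""


def audit_active_setup(reg_text: str) -> List[Dict[str, object]]:
    """Flag Active Setup components whose StubPath looks like a persistence implant."""
    findings: List[Dict[str, object]] = []
    for key, values in parse_reg_export(reg_text).items():
        if ACTIVE_SETUP_MARKER not in key.lower():
            continue
        stub = values.get("StubPath")
        if not stub:
            continue
        stub_l = stub.lower()
        binary = stub_binary(stub).lower()
        reasons = []
        if any(m in stub_l for m in USER_WRITABLE_MARKERS):
            reasons.append("command line references a user-writable location")
        if binary.rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
            reasons.append("StubPath runs a script host / proxy binary")
        if ":\\" in binary and not binary.startswith(SYSTEM_PREFIXES):
            reasons.append("absolute path outside Windows and Program Files")
        if reasons:
            findings.append({"key": key, "stubpath": stub, "reasons": reasons})
    return findings


if __name__ == "__main__":
    # reg export writes UTF-16 with a BOM; fall back to the constructed sample.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_REG
    for f in audit_active_setup(text):
        print(f["key"])
        print("  StubPath:", f["stubpath"])
        for r in f["reasons"]:
            print("  -", r)
```

On a live host, produce the input with `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" active_setup.reg` (repeat for the Wow6432Node path on 64-bit systems) and pass the file as the first argument. The heuristics are deliberately loose; a hit is a lead to look at the StubPath binary's hash, signer and creation time, not a verdict.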
Target: ZobabaFİX.pyc
Size: 81KB
MD5: 15df2953ae42e2cb037c4603787ae9fc
SHA1: d0c962f600be2b4c4a35884c69711ecab8e4b0d8
SHA256: 50c3465ed16cdd9407de6f12d9bdc79cd91a84a39dfb8b034679a30bb2cf5c4c
SHA512: 7ba0b789c1bf75ce3ee49b3055c4d7ca3e7b4a01974f946ce1a54261c8d3e3904f932783d36fc44d37ea094296ab3534fec3fa9d83eb1b539eab5125e702637c
SSDEEP: 768:L86/VsT/+wcdmRIypY38T9/KMfrKHz9ME3yRxF+0OoYhHgrxUbXrE/ziztD5WHBB:L94OmqyppqHiR0ArMHaoPCaKR8Te
Score: 3/10
Target: ZOBABA FİX/source_prepared.exe
Size: 31.4MB
MD5: 64d6f8d1f6b1f2f1400f07697b6ebce7
SHA1: 767eb344d49ff18a33dc1fae6371129342d520ba
SHA256: 41dc3558997b34d434ac1bcf46bea5f2541ec41d5ae19cba382038657269f2ef
SHA512: cb381a26d3e677de3ca925773df431c62a560e8cda8de72c00b38560c69bc69395703fb3c06910fc95893dd3f036f70dc6ae0ff1db53b036849af7d4dfd3f5bb
SSDEEP: 786432:r9Z9HcYW82h7vDadbZzcY876t9esK8vIieA7mG4mE:RvHcYWjh7vGdRE7oEX3NGz
Score: 9/10
Signatures:
Enumerates VirtualBox DLL files (a check for a virtual machine or sandbox environment)
Loads dropped DLL
Target: discord_token_grabber.pyc
Size: 15KB
MD5: b69e40762a4466ece89169b96d393c98
SHA1: 373367029cfc3301e6d33a1d54d6bdee6d4eeefa
SHA256: dc4bb06d5aa0fe7da6f379003cb274ca6193582f191e99dc514f101348e86664
SHA512: 8a1812f2ec80a221245be05811834c0412680c30d6f76ac0e72d4658856d603aed2df8d67e841f8ed22593769631327fb732311d6a2b16abec45fcd616794b9d
SSDEEP: 384:YGC7RYmnXavExzG7WltcrhntQ5s6a2h12VA:YGCuvE8WltcrttQ5s6aCsVA
Score: 3/10

Target: get_cookies.pyc
Size: 9KB
MD5: d5a564aa13edf19e4b8da18f88a26283
SHA1: 68ece76f35400e64f1765870fc767d79607c20fc
SHA256: 6342dfc52bf49dcfbd7c624dc366efbb965c750453f4e659eba0de320113575e
SHA512: 46e741bcd69110f999cee5fbd7ab7315fed90d0dfd86eaf34c728ab1a115ab057dfa3667d884487eb24ab845e81d8da50b45a9b4df5c69d63c26992618472459
SSDEEP: 192:kNal3eiNis9QfUFoxJvm79F211G6qPtAhN:kJiB2lrj7jqlAhN
Score: 3/10

Target: misc.pyc
Size: 4KB
MD5: 204ee497021e32209ddde0c015b4dc19
SHA1: 6aa2c039e6b6fbfb3620d4fe42d115553702146b
SHA256: a8355eef70645468d11a410d1402e0cab31a194e87172b523b1ff3dea5dbb0c2
SHA512: 961b15c0efe0478fdf9287e7b3b709233bcd9524be708f426b75dc91eb07ddfc2a2ce4f347d52a3e7402f5307ab755af093d660662fd3c4c465fd41e8d138d12
SSDEEP: 96:ySMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:LolvJ0evq+VBXZGh4vmV1kFhub
Score: 3/10

Target: passwords_grabber.pyc
Size: 7KB
MD5: bbb6ab7b8230cca0ac46532a612143d0
SHA1: 4bf5ebb19c5807cfb4b48191ec65b329d67763cd
SHA256: 8655f8885fa28c9633563e0264e65206eae277fb020f85a836be27f0fc3d7ec4
SHA512: 21353818de5a2e192bcdb38e0765b675258ae733eb634c1b01fbf53dc22946b0eee127c975be7a63d20a8db2b87521fe0ed85f2ec09dcc2f3adf5a7fea0b180e
SSDEEP: 192:h114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:V4qWLfMtzVxDAEW7
Score: 3/10

Target: source_prepared.pyc
Size: 155KB
MD5: 08e24579b8fc3129d8a8578ee41f8153
SHA1: f9c1eee7d19f666389f3d594236b2e521d5331ae
SHA256: 06bf0dd38f64dde0435646fbd7725f8a7dbec9871ce6d542196e98bd5ac9f192
SHA512: 54930f9ce666088ef087981f6ae1416f1a1469a7aa18508b4f19d1e31430d5a426f5a5fe5e4aadad88036d6e5c55df5d9d68727b77b893298682ea28bc77e273
SSDEEP: 3072:8FpRFaOOYxnysVxoQPZTJ0pZkgOxrUIvdXzEsZNm:8FnFaOOYxnHxobp7Oxrisi
Score: 3/10
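A responder will want to check endpoints, quarantine folders and file shares against the hashes in the target cards. The following is an added example written for this page, not code from the report or from the sandbox: it embeds the nine SHA-256 values listed above and sweeps a directory tree for files whose digest matches one of them. The directory walked, the streaming chunk size and the output format are this script's own assumptions; only the hash values come from the page.

```python
"""SHA-256 IOC sweep for the ZOBABAFİXER.rar report.

Added example, not part of the sandbox report. The SHA-256 values are copied
from the report's target cards; everything else is this script's own choice.
"""
import hashlib
import os
import sys
from pathlib import Path
from typing import Dict, List, Tuple

# SHA-256 values copied from the report (report file name -> digest).
REPORT_SHA256: Dict[str, str] = {
    "ZOBABAFİXER.rar": "425b0da09fc7e60cf9d93415271cb9471730f31aeb28396cbbb5d93c7ccbc09c",
    "ZOBABA FİX/ZobabaFİX.exe": "508c55d767aa79cb9367be392a1eeecebb8cbb94a08af7f6782bc7a5a3022177",
    "ZobabaFİX.pyc": "50c3465ed16cdd9407de6f12d9bdc79cd91a84a39dfb8b034679a30bb2cf5c4c",
    "ZOBABA FİX/source_prepared.exe": "41dc3558997b34d434ac1bcf46bea5f2541ec41d5ae19cba382038657269f2ef",
    "discord_token_grabber.pyc": "dc4bb06d5aa0fe7da6f379003cb274ca6193582f191e99dc514f101348e86664",
    "get_cookies.pyc": "6342dfc52bf49dcfbd7c624dc366efbb965c750453f4e659eba0de320113575e",
    "misc.pyc": "a8355eef70645468d11a410d1402e0cab31a194e87172b523b1ff3dea5dbb0c2",
    "passwords_grabber.pyc": "8655f8885fa28c9633563e0264e65206eae277fb020f85a836be27f0fc3d7ec4",
    "source_prepared.pyc": "06bf0dd38f64dde0435646fbd7725f8a7dbec9871ce6d542196e98bd5ac9f192",
}


def sha256_of(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file in 1 MiB pieces so a 100 MB archive is not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_index(iocs: Dict[str, str]) -> Dict[str, str]:
    """Invert name -> digest into digest -> name, lowercased so case in the IOC list does not matter."""
    return {digest.lower(): name for name, digest in iocs.items()}


def sweep(root: Path, iocs: Dict[str, str] = REPORT_SHA256) -> List[Tuple[Path, str]]:
    """Return (path, report_name) for every regular file under root whose SHA-256 is in the IOC set.
    Symlinks are skipped and not followed, so a planted link cannot drag the sweep outside root."""
    index = build_index(iocs)
    hits: List[Tuple[Path, str]] = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for fn in filenames:
            p = Path(dirpath) / fn
            if p.is_symlink() or not p.is_file():
                continue
            try:
                digest = sha256_of(p)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the whole sweep
            if digest in index:
                hits.append((p, index[digest]))
    return hits


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for path, name in sweep(target):
        print(f"MATCH {path} -> {name}")
```

A SHA-256 match is exact, so this finds the files as analysed and nothing repacked; the SSDEEP values in the cards are what you would use for fuzzy matching of rebuilt variants, which needs the ssdeep library and is not attempted here.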
MITRE ATT&CK Enterprise v15

Credential Access
Credentials from Password Stores (T1555): 1
Credentials from Web Browsers (T1555.003): 1
Unsecured Credentials (T1552): 1
Credentials In Files (T1552.001): 1