Overview

overview

6

Static

static

6

theZoo-0.6...t__.py

windows7-x64

3

theZoo-0.6...t__.py

windows10-2004-x64

3

theZoo-0.6...ler.py

windows7-x64

3

theZoo-0.6...ler.py

windows10-2004-x64

3

theZoo-0.6...ler.py

ubuntu-18.04-amd64

1

theZoo-0.6...ler.py

debian-9-armhf

1

theZoo-0.6...ler.py

debian-9-mips

1

theZoo-0.6...ler.py

debian-9-mipsel

1

theZoo-0.6...als.py

ubuntu-18.04-amd64

1

theZoo-0.6...als.py

debian-9-armhf

1

theZoo-0.6...als.py

debian-9-mips

1

theZoo-0.6...als.py

debian-9-mipsel

1

theZoo-0.6...hes.py

windows7-x64

3

theZoo-0.6...hes.py

windows10-2004-x64

3

theZoo-0.6...ngs.py

ubuntu-18.04-amd64

1

theZoo-0.6...ngs.py

debian-9-armhf

1

theZoo-0.6...ngs.py

debian-9-mips

1

theZoo-0.6...ngs.py

debian-9-mipsel

1

theZoo-0.6...ler.py

windows7-x64

3

theZoo-0.6...ler.py

windows10-2004-x64

3

theZoo-0.6...ler.py

ubuntu-18.04-amd64

1

theZoo-0.6...ler.py

debian-9-armhf

1

theZoo-0.6...ler.py

debian-9-mips

1

theZoo-0.6...ler.py

debian-9-mipsel

1

AndroRat/a...sample

ubuntu-18.04-amd64

1

AndroRat/a...sample

debian-9-armhf

1

AndroRat/a...sample

debian-9-mips

1

AndroRat/a...sample

debian-9-mipsel

1

AndroRat/a...sample

ubuntu-18.04-amd64

3

AndroRat/a...sample

debian-9-armhf

3

AndroRat/a...sample

debian-9-mips

3

AndroRat/a...sample

debian-9-mipsel

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    theZoo-0.60.zip

  • Size

    107.9MB

  • Sample

    240820-qx4emsvcla

  • MD5

    81ed84aefb34637f57d9cbe1c582a642

  • SHA1

    3a11c4a0d2f9b27b73f858a0f0ed80b8dde30163

  • SHA256

    38968cd7d1bf8bf247faf15258689d178a3be9d0982807e6ceebc9b89c389f5d

  • SHA512

    9bf02a33c40ec53bc5ed8df3d51da5fa6ac918e6b6c7ca5ff218457c0b7549f7937f5db632773af15acb24045d1630977a6070be874f30d3bce29257d75c4c3a

  • SSDEEP

    3145728:MJ+WyQBc8MvD2hhYh3RWlLjA6GQ5QA0b0R32:MJoQBKvp3REjmQ/c0p2

Score
6/10
discoverylinux

Malware Config

Targets

    • Target

      theZoo-0.60/imports/__init__.py

    • Size

      20B

    • MD5

      9a3f6f9d5dc0e10f928fef1503884571

    • SHA1

      e9c431d00ecd7769aec2ccd544cde09e392511ce

    • SHA256

      ed6e532d85c9da5105bb78f3050f59b5476d30b6e8564b014a21bb0555c67caf

    • SHA512

      658b9d2040eb1ff539f45e00e6de5bc2ac8c533831788bd5a8a3e14611c0f93ec6d5f9cf935017c9b073d4e22f152fb69680efeb807c78df6a4ccb70ec514e4c

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      theZoo-0.60/imports/db_handler.py

    • Size

      1KB

    • MD5

      b8b24113150f9849c9433242709ddd22

    • SHA1

      1cd524efb69b06ba18098fe80913281d98f7c19c

    • SHA256

      e6ce5e564121d8499898b16e323d9731aa0f3b16a44d4a648dbac810ff0d2d82

    • SHA512

      817d44b6ced87676772903b8bc99a2db14c77d2b92bf604bf29d2f273f91c49bec3fe857e350cdc63b79395916b0d6c3de11d957e3ad1345d7c0435b1b41e172

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      theZoo-0.60/imports/eula_handler.py

    • Size

      2KB

    • MD5

      5945243f20801ac5cae79006709245cd

    • SHA1

      1b6a6f1988a0eb6c813bac4e7808b5f65da93cbc

    • SHA256

      7b295025e92902fc9a5ab3903f11f5131e09916ac6968dbc7137c32b958e4b55

    • SHA512

      d0301e61c2b7ab38b2170ba3f999ae08a7554d6a588c6486db7e24fae21ce003b01d883fe78e6eaf6771bfc0f651bf64891bb49b5b253cb3f92123abcaf722d9

    Score
    1/10
    behavioral5behavioral6behavioral7behavioral8

    • Target

      theZoo-0.60/imports/globals.py

    • Size

      5KB

    • MD5

      898cb82fcec620a3aa47449598bbccf5

    • SHA1

      bb95591bfb8c7e508994a59dce85dec4a0d29180

    • SHA256

      3c4fc9a150050ff5051bd3ff18793a3d68744edf0e6f882d491be84d2061a9b9

    • SHA512

      4ef698a8214b17565d3023b5c2d7f921563d00092dd6516ab7f89646309b4b9de9ce1e79092f0394c4bc970a72fbb4fa61f4000d00bc346563894ed98bfb5368

    • SSDEEP

      96:3A9NabLVZl1/QqgGXgwzzPbbF/066OKOlYlJwuZwF/FXNLA6:qsbLjl1/QqgGXgwzzDbF/066OKOlYlJA

    Score
    1/10
    behavioral10behavioral11behavioral12behavioral9

    • Target

      theZoo-0.60/imports/manysearches.py

    • Size

      2KB

    • MD5

      71bfc154118c8eb36c9cd38805ed68d8

    • SHA1

      f6d4c91df20dde8b20089eddcd6e3812133644d7

    • SHA256

      c6e6702a52425957468dd2dd36ed42b4db3a1fa32446629e7c23116bff83ddb9

    • SHA512

      103b9f9f831ccd4962d410d0fb6a921792bd9ba2956710d2e65ca1c26131045b9ca21ad956565c38e1b9319b0492105342afd86e9c2e58676f4c1cb872228c58

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      theZoo-0.60/imports/muchmuchstrings.py

    • Size

      1KB

    • MD5

      02918700c9f393c38b2e03f47abe8fe3

    • SHA1

      eac7af9ec081cce38e69aee2a4572a236d268a4c

    • SHA256

      4754dec66cba663f563f3318a4148c9fb2f0edca38e0eb63d9940d52fd405d2c

    • SHA512

      a6b1081ec9d3c74b39298aec91f0df3750a64e2bf85a96d66cb09d45e26553f21e328ea840a590960bdbdf0b17021b6ef521bf11f09287d15efe6456136a8e69

    Score
    1/10
    behavioral15behavioral16behavioral17behavioral18

    • Target

      theZoo-0.60/imports/terminal_handler.py

    • Size

      6KB

    • MD5

      3aac7e0535a19289445a0a3760549b47

    • SHA1

      2ec5eecce7e3a3fc27190022cc002c662f3748a7

    • SHA256

      bf48b314023e692b3efb04a762b4cb688e53d8ee3c9198adab281ac6f726dac0

    • SHA512

      7769e31596f465a4e79caf7c3d672fc40b0e226af564c3121960a13f61178ec1ba48b52a5bdcac91470f6eb250e050bac385a733f85b24603f49d28fe017ffd2

    • SSDEEP

      96:L2lir38jKz3Y/uTY7vQODkY0xuXUDpgUvm2mdkwVtAB9bHQ:LqjYYuTY7vmkm6C9bQ

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      theZoo-0.60/imports/updatehandler.py

    • Size

      4KB

    • MD5

      5201cb5157cacb4ab9f9effe96c21df0

    • SHA1

      927f864c9004ea4ea16e5fa06889316ee7726644

    • SHA256

      9a1af354c7e8649e18713c871f1a70c9c1e3dc3466d4b920fe95e3cc80f0d127

    • SHA512

      c027e9502031b7d4406d44209c5460c1c9fe751d5d292eec943e914b1de7234016e371ae140bdf245f97cad043949030d006662ca4fff9a9e69d66bdf056af9d

    • SSDEEP

      96:3A9NabL3WNL5WGjtAtSCy3ipV45tSCyx95tSCy+:qsbLgL5WG8SCFpmbSC+bSCp

    Score
    1/10
    behavioral21behavioral22behavioral23behavioral24

    • Target

      AndroRat/androrat/.git/hooks/applypatch-msg.sample

    • Size

      452B

    • MD5

      9cc72dc973e24f9623bd3fe708f60ef5

    • SHA1

      86b9655a9ebbde13ac8dd5795eb4d5b539edab0f

    • SHA256

      1ad01d00c0204fe740a77b5e8b6ba90f233d30fd172985198404b461da80d816

    • SHA512

      a31e790b1762b64fd2cca171455a054e9b52180481b15cc9c213e69edef960d1d9f296151068014fa12fafbec4ef8da838f1c3c76c79966a71405401f10b2a83

    Score
    1/10
    behavioral25behavioral26behavioral27behavioral28

    • Target

      AndroRat/androrat/.git/hooks/commit-msg.sample

    • Size

      896B

    • MD5

      579a3c1e12a1e74a98169175fb913012

    • SHA1

      ee1ed5aad98a435f2020b6de35c173b75d9affac

    • SHA256

      1f74d5e9292979b573ebd59741d46cb93ff391acdd083d340b94370753d92437

    • SHA512

      d6bb7fa747f4625adf1877f546565cbe812ca7dd4168f7e9068e6732555d8737eba549546cf5946649e3f38de82d173aaf9c160a4c9f9445655258b4c5f955eb

    Score
    3/10
    behavioral29behavioral30behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
6/10

behavioral1

discovery
Score
3/10

behavioral2

Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

discovery
Score
3/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

discovery
Score
3/10

behavioral20

Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10