db4c81c57b5b103b74f01d2f1c3b17c59351cd2ce291a0a1195f0c5f4966cff7 | Triage

Sharing

General

Target

Zorara1.3.2.zip
Size

39.7MB
Sample

240825-1x6j4sxepf
MD5

9dcd7144af9711bbc5f9bfc2a06622c5
SHA1

6769bbe185b244b79b28a9e0ae11acb611235236
SHA256

db4c81c57b5b103b74f01d2f1c3b17c59351cd2ce291a0a1195f0c5f4966cff7
SHA512

c69da49bc18bc3eb8e0bd3ee14adbe01a438ecce6be8f74c868067704281ca1c01154d21da26d866a30aeaf576672e4bbe82b5f1c11d141fb842dec22ee6447d
SSDEEP

786432:Qz32ceQDLuFfk6fa8+6eUhaAQcdCROsi3fMNLF+m38sFy9Pw+N0V6AddWGixwwG:kmceQHudjfab6e9AQksYfWkm342qA6kT

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  Zorara1.3.2.zip
- Size
  
  39.7MB
- MD5
  
  9dcd7144af9711bbc5f9bfc2a06622c5
- SHA1
  
  6769bbe185b244b79b28a9e0ae11acb611235236
- SHA256
  
  db4c81c57b5b103b74f01d2f1c3b17c59351cd2ce291a0a1195f0c5f4966cff7
- SHA512
  
  c69da49bc18bc3eb8e0bd3ee14adbe01a438ecce6be8f74c868067704281ca1c01154d21da26d866a30aeaf576672e4bbe82b5f1c11d141fb842dec22ee6447d
- SSDEEP
  
  786432:Qz32ceQDLuFfk6fa8+6eUhaAQcdCROsi3fMNLF+m38sFy9Pw+N0V6AddWGixwwG:kmceQHudjfab6e9AQksYfWkm342qA6kT
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Monaco/vs/editor/contrib/suggest/media/String_16x.svg
- Size
  
  4KB
- MD5
  
  48e754cb54c78a85dcc9aaea9a27847e
- SHA1
  
  8d79b23037deb6586e4954305dcb4caee14afbd2
- SHA256
  
  d1aa361f33564e8f9d527a01a66c7ce35d73f23417432e80ddf51f562770ee79
- SHA512
  
  f6d902b5c73b59636cb71d4019ff45cb77532bf22aab28a8314697e24a62163a94140c97495ad5ce421c09c26e4bcbfe5a815eae27e945c51ccd80c2ba9c3a77
- SSDEEP
  
  48:CnN6wkEX+c9Vlt4AFCj93Z0hDC7hSBnukNyhDFtrJGuG2XvS+yZCahDC7hSBnhKm:zJWFCMcfkCFGE6+yZCacJImkArbbqrAm
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Monaco/vs/editor/contrib/suggest/media/String_inverse_16x.svg
- Size
  
  4KB
- MD5
  
  6e5c0ce7ec09969f07ea6ee078ef8ad6
- SHA1
  
  deadc5357a26852d872bffa77d1aa19108603b25
- SHA256
  
  7d23c0f30cb9c05c81bb15785a3299772ae3cfbe51f3e04895aa1f23ffbeba5b
- SHA512
  
  2b02cb82f9e4720ee43bfc8b7fe5d6de38228329aafbedb589d5a219057c15f073023deca3c1ca5b65cea4a4f0d863ebd88c889b1d67119639fae2ce180863bf
- SSDEEP
  
  48:Cn7wkEX+c9Vlt4AFCj93Z0hDC7hSBnukNyhDFtrJGuG2XvS+yZCahDC7hSBnhKHG:EJWFCMcfkCFGE6+yZCacJImkArbbqrAm
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Monaco/vs/editor/editor.main.css
- Size
  
  171KB
- MD5
  
  233217455a3ef3604bf4942024b94f98
- SHA1
  
  95cd3ce46f4ca65708ec25d59dddbfa3fc44e143
- SHA256
  
  2ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701
- SHA512
  
  6f4cb7b88673666b7dc1beab3ec2aec4d7d353e6da9f6f14ed2fee8848c7da34ee5060d9eb34ecbb5db71b5b98e3f8582c09ef3efe4f2d9d3135dea87d497455
- SSDEEP
  
  1536:ZxP4PUPVP0PAPeMi76Q4TVq5bbhLynlDTkDatDF8Jmmvgs0aMJkn:p2bIRkDSYmmvgs0aMJK
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  Monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
- Size
  
  20KB
- MD5
  
  649fb0a55b0e0fc9d79e6b7872a14c10
- SHA1
  
  b33619c9dfd65d3f2e5a5fcb767a752123d51607
- SHA256
  
  fcc3026b97068f3d9e1743d36ca26b96ffdbcd2841fa9d804caccc4f249911c8
- SHA512
  
  3fb4b07e9313b69c84f887c9ca0464e4c8d06a98a8f2ad7d0b48452d068bd526004c21633d0279b4b5e17ad882acf8c7e99b4c3e7650be43b495b670a87d0cbd
- SSDEEP
  
  384:cyPJZCcKWPJuCNoSmvcar1PNY6g2HdSjEc3/WD3:DCdCNkvcaQ6x9SjES/W7
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Zorara.deps.json
- Size
  
  2KB
- MD5
  
  5be949ef72fa15a09ca46d8fb96f45fb
- SHA1
  
  ae2ba8ede56ffb4020ce808e8e02dcde4e7b1cc0
- SHA256
  
  5b660a4e3b75ed4096fb20bb1de330fc5d7ca9aa53065f26c79f8c47f3ecfead
- SHA512
  
  66015e644fb94afd4621bef1e8c993127b732a848f35f1c9a24529c2b81bc455b6b4704ecc7f98012e25d87814c8d07ce59d85b26952b3515443e9bb4d5a2ac8
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Zorara.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint
- Size
  
  66B
- MD5
  
  0c9218609241dbaa26eba66d5aaf08ab
- SHA1
  
  31f1437c07241e5f075268212c11a566ceb514ec
- SHA256
  
  52493422ac4c18918dc91ef5c4d0e50c130ea3aa99915fa542b890a79ea94f2b
- SHA512
  
  5d25a1fb8d9e902647673975f13d7ca11e1f00f3c19449973d6b466d333198768e777b8cae5becef5c66c9a0c0ef320a65116b5070c66e3b9844461bb0ffa47f
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Zorara.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json
- Size
  
  134B
- MD5
  
  58d3ca1189df439d0538a75912496bcf
- SHA1
  
  99af5b6a006a6929cc08744d1b54e3623fec2f36
- SHA256
  
  a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
- SHA512
  
  afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Zorara.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json
- Size
  
  3KB
- MD5
  
  6bbb18bb210b0af189f5d76a65f7ad80
- SHA1
  
  87b804075e78af64293611a637504273fadfe718
- SHA256
  
  01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
- SHA512
  
  4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Zorara.exe.WebView2/EBWebView/BrowserMetrics-spare.pma
- Size
  
  1.2MB
- MD5
  
  1045bfd216ae1ae480dd0ef626f5ff39
- SHA1
  
  377e869bc123602e9b568816b76be600ed03dbd0
- SHA256
  
  439292e489a0a35e4a3a0fe304ea1a680337243fa53b135aa9310881e1d7e078
- SHA512
  
  f9f8fcc23fc084af69d7c9abb0ef72c4684ac8ddf7fa6b2028e2f19fd67435f28534c0cf5b17453dfe352437c777d6f71cfe1d6ad3542ad9d636263400908fd2
- SSDEEP
  
  3::
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Zorara.exe.WebView2/EBWebView/BrowserMetrics/BrowserMetrics-66C6B458-1A20.pma
- Size
  
  1.2MB
- MD5
  
  1938fae83e5eff349f8ebab6e933647c
- SHA1
  
  3b60bd05135b4e0403867e34dac44b2753605120
- SHA256
  
  589ff9da5b8f458b3436a849a72d5d5a1173cffb9bf477a7b525eba714858cba
- SHA512
  
  a6676c27737cd77244c6c0f4c191936e06c0bf8249c22eeea53c4282be6de640195094626cd3aed4073bf01e360cc70a2c47c5764f244f905caea491a8c37139
- SSDEEP
  
  3072:8HvbOI7I2g1HFZ1qB+21CZPKTAkGdz1FoECOB27:8PbOI7I2aH7u+21CZPKTAkoC227
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Zorara.exe.WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/crl-set
- Size
  
  21KB
- MD5
  
  d246e8dc614619ad838c649e09969503
- SHA1
  
  70b7cf937136e17d8cf325b7212f58cba5975b53
- SHA256
  
  9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1
- SHA512
  
  736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb
- SSDEEP
  
  384:Vt71+czeWhU6yVS2Ddc0fp/9yYoIJgWUeJuDzeG0LOsr2h9ltQYX9hVPz/HG1pBu:j4sBwVPDdFhVyYoPWUiuXeG0K5dQYXFr
Score

1^/10
behavioral23 behavioral24
- Target
  
  Zorara.exe.WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.fingerprint
- Size
  
  66B
- MD5
  
  33fc4bf1927352bc1845acdde3a6ba63
- SHA1
  
  63ac2f004ac10198e729e9ccf55f6ac4f7f3c622
- SHA256
  
  4ed04e713c9d8f5d80e83645b62f1be84ec0516d37f339b3d443d8f792dea113
- SHA512
  
  7e38e264713750baf58dd9ad779885a7aae5a6fcb825eaa44b3cf814dd09cd0bf8f95b5ab5db600d19a64b02ec2155b4c9a3bc2a86e9b18eece8b3100e8c2ff1
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Zorara.exe.WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.json
- Size
  
  113B
- MD5
  
  b6911958067e8d96526537faed1bb9ef
- SHA1
  
  a47b5be4fe5bc13948f891d8f92917e3a11ebb6e
- SHA256
  
  341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648
- SHA512
  
  62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Zorara.exe.WebView2/EBWebView/Crashpad/settings.dat
- Size
  
  280B
- MD5
  
  17b49f252b85c26c62dafbbc6fbf0143
- SHA1
  
  9ca1e6c444839d0d2a70b31dcec06aec817dc1bd
- SHA256
  
  cad506bd311e63f1a0739e05c67544a1c86a4ed1799249b6daa877c98392770e
- SHA512
  
  98d417f32cbca11a36f10f7ef6023dd2d5e1fd3b0c5c57a5c5b16b2434ff2122977f37f489e4d7430f1d9eb59ab6e94bc258fd45d6c270358dfdd6be428aa84b
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Zorara.exe.WebView2/EBWebView/Crashpad/throttle_store.dat
- Size
  
  20B
- MD5
  
  9e4e94633b73f4a7680240a0ffd6cd2c
- SHA1
  
  e68e02453ce22736169a56fdb59043d33668368f
- SHA256
  
  41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
- SHA512
  
  193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32