Overview

overview

10

Static

static

3

yoyf.exe

windows7-x64

3

yoyf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    yoyf.exe

  • Size

    906KB

  • Sample

    240829-retyxsxdrm

  • MD5

    e3dcc770ca9c865a719c2b1f1c5b174e

  • SHA1

    3690617064fbcccba9eacc76be2e00cd34bac830

  • SHA256

    7a41fa61102269baa65f7f762cf868c3c6a506fb58b590b6ae1352b864f2831e

  • SHA512

    c569ebd0b2286307ba5fd18deee905b550a4a84c19a54d0c4eb1a0f006acf7814cda0f44d8fb79c72e059e997fc49c2114cdfb698734b7570b967a5c8004b1b6

  • SSDEEP

    12288:bvsKwGRdLBBNNBqiLckdXZj8YNQDcodji13ywe4GOMvS5JfAu8G:bvs78RRNBqin7oYNCcoe3h9MeJ78G

Score
10/10
zharkbotbotnetcredential_accessdiscoveryspywarestealer

Malware Config

Targets

    • Target

      yoyf.exe

    • Size

      906KB

    • MD5

      e3dcc770ca9c865a719c2b1f1c5b174e

    • SHA1

      3690617064fbcccba9eacc76be2e00cd34bac830

    • SHA256

      7a41fa61102269baa65f7f762cf868c3c6a506fb58b590b6ae1352b864f2831e

    • SHA512

      c569ebd0b2286307ba5fd18deee905b550a4a84c19a54d0c4eb1a0f006acf7814cda0f44d8fb79c72e059e997fc49c2114cdfb698734b7570b967a5c8004b1b6

    • SSDEEP

      12288:bvsKwGRdLBBNNBqiLckdXZj8YNQDcodji13ywe4GOMvS5JfAu8G:bvs78RRNBqin7oYNCcoe3h9MeJ78G

    Score
    10/10
    discoveryzharkbotbotnetcredential_accessspywarestealer

    • Detects ZharkBot payload

      ZharkBot is a botnet written C++.

    • ZharkBot

      ZharkBot is a botnet written C++.

      botnetzharkbot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks