e4dcdd80c488a6d27b84af30fa264e66cc019809944871f17eed945390c0f867

Sharing

Copy URL

Twitter E-mail

General

Target

Zorara2.1.zip
Size

25.6MB
Sample

240904-1j5qnaxhmg
MD5

1709650236692bf56d5efc896074dce7
SHA1

6b06bbe80940c1d56c479b42aa7bca947353ba46
SHA256

e4dcdd80c488a6d27b84af30fa264e66cc019809944871f17eed945390c0f867
SHA512

6ed387eb7a9b9a74f1e4edb016efdf22ee741c2f6afec03754cc6ed34878c0a1f5094c4af668f804f1589d2a2ce711061bfc7c4d24accf3d0ad1722779105712
SSDEEP

786432:wK1JcfLR7gtYbRYjzMX7E1pQ7F2lvm5tas9YV/cPFecznJF:wK1JkRMY6zMX7E1pm2lvAnYV/c9ecznX

Score

5^/10

discovery execution

Malware Config

Targets

- Target
  
  Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral1 behavioral2
- Target
  
  Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral3 behavioral4
- Target
  
  Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral5 behavioral6
- Target
  
  Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral7 behavioral8
- Target
  
  Zorara.dll
- Size
  
  12.9MB
- MD5
  
  fa13fecdb5c644e939209ecb1b09841e
- SHA1
  
  5d187479c109423fffa61c5e5cb10bc7916294b2
- SHA256
  
  feef100d5a021fdfb39c164029719944350bcb9c0b1fb37a82727ea4feb3d3aa
- SHA512
  
  ba9d1fec7e889b9248ea5c47d843f451f949671b62630cf5066d0cab5e208288ffe8c812c6bafd61f1a1c6eda6a26ebd195a50e20f5bd45ae7828b1ec5b704e9
- SSDEEP
  
  196608:cz61PqPaDAK10OpP9KWgNQ5Av7USR5F7sOdfM7htlilL3WEMobQrbQJcGheTq:CetDAIEDN3nj73WJQLThQrbJOeT
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9
- Target
  
  ZoraraUI.dll
- Size
  
  725KB
- MD5
  
  39d289d719c11f25cc88ae3970726613
- SHA1
  
  5f82bea5614735aa23a658c480e9495561d20c8a
- SHA256
  
  0a014302b37dc5e5798d02db805a16c2b0ff7aa7c0da79a2db621b7973710a01
- SHA512
  
  5c1ab3dd545328c230c65283b5f79c737e6fddb97696b59776acb8c0c327757e677a74e1c79aef636f3be01fb740cb6866a3feb0962e315116cf1cbdec88956f
- SSDEEP
  
  12288:3UmbByRgr/+Gq3ougPuUvEOLsdZp3rD4IT4Yjyi/nN6qR:3fbByRy/+RlK8mM3PvTE
Score

1^/10
behavioral11 behavioral12
- Target
  
  ZoraraUI.exe
- Size
  
  254KB
- MD5
  
  6acb5bdb3506ad12c59cf8a33bb86a0c
- SHA1
  
  7dbc8c9165bf01f3a2263028bd7b574e0093ae80
- SHA256
  
  b2394ca66b06a31f8b53291df1d87677f89c5efbfc13307e1019d1d2f16857c1
- SHA512
  
  94dbcdb8f0bfdc7ff2b3e1c160be12288392c00fb21263534c60dc7b291a40239974613cb1e8ca11581bfe5d9f23bcf45d4810dada13647597769c26bfe65266
- SSDEEP
  
  3072:WjK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfOBhBuSmYwSKgIwM:WjK4TDUqgpqWDLZ5H+xuZ04ihASN
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral13 behavioral14
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
- Size
  
  2.6MB
- MD5
  
  0ee2b50c85a110689352fccfa77b5b18
- SHA1
  
  d9ecc4b12d2d50e3cbce40e75edad804c9988b25
- SHA256
  
  62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e
- SHA512
  
  a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff
- SSDEEP
  
  49152:NodIJ85qaIU7ui8DDR5s8L0Oty8CvFqwsNcrCY2/YUZzQ7L9qhV6O8mOn0k10:gEDRwrcAwDl
Score

1^/10
behavioral15 behavioral16
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.54/adblock_snippet.js
- Size
  
  2KB
- MD5
  
  f5c93c471485f4b9ab45260518c30267
- SHA1
  
  ee6e09fb23b6f3f402e409a2272521fdd7ad89ed
- SHA256
  
  9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690
- SHA512
  
  e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  bin/Monaco/index.html
- Size
  
  10KB
- MD5
  
  5f200b725ef76b473cecbb5d452d849b
- SHA1
  
  6f42fc7a947a489f7d74370efce6bca7c7cf7240
- SHA256
  
  fd084fc0daecfef0a6f6b89b4e1ad542e508c0003f2debf07aa3eeb725ccb6c8
- SHA512
  
  fc350662fdf0e9d36cc842cbde94e035c0c51874993292543595a5b104112fd600a17d37e30a0d625fde6d338cbec05545e830b161b69e5e74c3244bc436a4d8
- SSDEEP
  
  192:yC5GCW9bvbQ3QJW5MDQiVKLkcmc/VT+9taAc4dReigX2:LGCW91k5MciVQ2
Score

5^/10

discovery
- Drops file in System32 directory
behavioral19 behavioral20
- Target
  
  bin/Monaco/vs/base/worker/workerMain.js
- Size
  
  149KB
- MD5
  
  27ead90c7702154755785e0e53398755
- SHA1
  
  86b59485fe6f6ccb1805183fa75062a2ac1c859e
- SHA256
  
  bdf9433692a08851e13dd58504eef19f51bd2ec7241923a68edf5772e0e53af5
- SHA512
  
  6829681575179c90bb7817b17feee60e7d44d8abb15264ab39d7f0edf95dd1d030b99c12b005c753cd786c26ce6f17ff09b058c16f3363596f785e386ef78e82
- SSDEEP
  
  1536:XNSxrkwnz+dTHHfvYYdBwDZ2Ogvh52xgh2hQXIvTBaB7hU74Yc6aphU1PblosJEl:XzdTagJkb+6jFlJJEt9yjjTCD2zw
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  bin/Monaco/vs/basic-languages/bat/bat.js
- Size
  
  2KB
- MD5
  
  4cb475399c4490eea41982dcd6d9653e
- SHA1
  
  fc97d57206ff7fa1c89ff0fc9f6e2f04a20ea185
- SHA256
  
  9bca42394fe8922fec24b768eeb8ce04692de6fad82f9052d5b7e70f5c6b0f40
- SHA512
  
  27eefe83cf38a7d784414d99b472f6fcd7e595691eb0f368254ba1f71aaf702840b62bf232c30c515a8fada234699fefeef496c0c24669cc158cb567227e4783
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  bin/Monaco/vs/basic-languages/coffee/coffee.js
- Size
  
  3KB
- MD5
  
  9d0c4ac1691eed0a480c3e9246490d29
- SHA1
  
  38258864fd070c35cec6b68715d58771df9fe3e1
- SHA256
  
  e706c9f8e5c5a0cb01b2f4e4879ec34a050d6eb2a8840284eb7badd9d78099f9
- SHA512
  
  437a703607a9f0cb96ffb56312d149b95f596290591d14098c36d978b2e1fdba3c3712c9099923bc0a709c5c0ebd7eea868f63dfbcc69cdf5a9325b8a67006b6
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  bin/Monaco/vs/basic-languages/cpp/cpp.js
- Size
  
  5KB
- MD5
  
  0a16509e6cd0155fb622e785cfe976c7
- SHA1
  
  7afa7f823191c43d7a4bdd7d91577495de62c21a
- SHA256
  
  a7c2bea7ca3d9e203a3a286735945fe010c8f4f8d46620386ee8befc6a78b32b
- SHA512
  
  2cbc48cb10c467561c6a84f59405e9c2f864640b3a21e6fe5cd14ad1a7ca5667b766b3c0511df26f28205dd17338a878bd1164a4f5875235a73214f3e4aeb49d
- SSDEEP
  
  96:hFDMgRs/rbV1+gqVV1+/LVb9ZRC2seM6jjz13MwVcEghhb6Yw76wGcmvRBNIs:hZGrTOcVv5M61h8hSeiYL
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  bin/Monaco/vs/basic-languages/csharp/csharp.js
- Size
  
  4KB
- MD5
  
  f8f841d13c9220e15dcd6bc386b37ba2
- SHA1
  
  2b8b7003820d19ed83afde98c845db5e3d5753f8
- SHA256
  
  6b3be9a86ee8e3202f51745d94d24cc1eefbcf7d9e6d94fbaf70146b084e835f
- SHA512
  
  0b167865b8d7847792c80144e83bdf33655db6ecc0934bb3290f8b5793fee8168aeaf9d74b3541a9424c4f180aad496c2d8710e3847a5bf9d4b2c960ddea4ae5
- SSDEEP
  
  96:hFDMgRsVx+rbV1+gqGV1+hmQuq1cBh8b7gj8/pLxb6J994wGcKU7dYIkI:hZi+rTtPsRXpw9SiKUJGI
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  bin/Monaco/vs/basic-languages/csp/csp.js
- Size
  
  1KB
- MD5
  
  22ada25d590811dcff4e5f5d698e583b
- SHA1
  
  c43d4846967d5037ef05b102e49d1fbc54e45fbc
- SHA256
  
  4b5a5d7d50986b86b00833447e097c0f01a4388ce1765b48e7e371d06e3a4789
- SHA512
  
  c8373ea0b78114f82e8bf027473f72ada0d8acd51623152a0072111d8b3b7d5ac310a1cc510c4e4cd2e97a7686db3c87b2da675fc910898bd11108e4b50ed189
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32