General

  • Target

    4c26dd1754f1bd8da1c39bc2c7721d5bccbd6403d56f0370c53ee4d518167874

  • Size

    1.2MB

  • Sample

    240915-1yccnavgrp

  • MD5

    43044a8822f069feddd9c02fe36d8517

  • SHA1

    7ed988939944d311a580e145198a6b4cc5741355

  • SHA256

    4c26dd1754f1bd8da1c39bc2c7721d5bccbd6403d56f0370c53ee4d518167874

  • SHA512

    fb7f178877f94e7132508d1475dfdadbd2b71f4d8b3c779e509829fd2ea4d223328a389c6521729616cd15900d72b57a3fe0f0b6502c9bba7c60194c65d66f4b

  • SSDEEP

    24576:v9tuVdYYq6r4KmT/VKl/kb9sY5uJ1VMa6z3ZD+yA5HQMh4/Vp58t2Wcd:vD+Js9C0udwtzJKyA5HQcKUzy

Malware Config

Targets

    • Target

      4c26dd1754f1bd8da1c39bc2c7721d5bccbd6403d56f0370c53ee4d518167874

    • Size

      1.2MB

    • MD5

      43044a8822f069feddd9c02fe36d8517

    • SHA1

      7ed988939944d311a580e145198a6b4cc5741355

    • SHA256

      4c26dd1754f1bd8da1c39bc2c7721d5bccbd6403d56f0370c53ee4d518167874

    • SHA512

      fb7f178877f94e7132508d1475dfdadbd2b71f4d8b3c779e509829fd2ea4d223328a389c6521729616cd15900d72b57a3fe0f0b6502c9bba7c60194c65d66f4b

    • SSDEEP

      24576:v9tuVdYYq6r4KmT/VKl/kb9sY5uJ1VMa6z3ZD+yA5HQMh4/Vp58t2Wcd:vD+Js9C0udwtzJKyA5HQcKUzy

    • Detects ZharkBot payload

      ZharkBot is a botnet written C++.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • ZharkBot

      ZharkBot is a botnet written C++.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks