Overview

overview

7

Static

static

3

meowrara2.6.zip

windows11-21h2-x64

1

ZoraraUI.e..._1.zip

windows11-21h2-x64

1

ZoraraUI.e..._1.zip

windows11-21h2-x64

1

ZoraraUI.e..._1.zip

windows11-21h2-x64

1

ZoraraUI.e..._1.zip

windows11-21h2-x64

1

ZoraraUI.e..._1.zip

windows11-21h2-x64

1

ZoraraUI.e...s.json

windows11-21h2-x64

3

ZoraraUI.e...as.hyb

windows11-21h2-x64

3

ZoraraUI.e...be.hyb

windows11-21h2-x64

3

ZoraraUI.e...bg.hyb

windows11-21h2-x64

3

ZoraraUI.e...bn.hyb

windows11-21h2-x64

7

ZoraraUI.e...cu.hyb

windows11-21h2-x64

3

ZoraraUI.e...cy.hyb

windows11-21h2-x64

3

ZoraraUI.e...da.hyb

windows11-21h2-x64

3

ZoraraUI.e...01.hyb

windows11-21h2-x64

3

ZoraraUI.e...96.hyb

windows11-21h2-x64

3

ZoraraUI.e...01.hyb

windows11-21h2-x64

3

ZoraraUI.e...gb.hyb

windows11-21h2-x64

3

ZoraraUI.e...us.hyb

windows11-21h2-x64

3

ZoraraUI.e...es.hyb

windows11-21h2-x64

3

ZoraraUI.e...et.hyb

windows11-21h2-x64

3

ZoraraUI.e...eu.hyb

windows11-21h2-x64

3

ZoraraUI.e...fr.hyb

windows11-21h2-x64

3

ZoraraUI.e...ga.hyb

windows11-21h2-x64

3

ZoraraUI.e...gu.hyb

windows11-21h2-x64

3

ZoraraUI.e...hi.hyb

windows11-21h2-x64

3

ZoraraUI.e...hr.hyb

windows11-21h2-x64

3

ZoraraUI.e...hu.hyb

windows11-21h2-x64

3

ZoraraUI.e...hy.hyb

windows11-21h2-x64

3

ZoraraUI.e...kn.hyb

windows11-21h2-x64

3

xxhash.dll

windows11-21h2-x64

1

zstd.dll

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    meowrara2.6.zip

  • Size

    51.7MB

  • Sample

    240915-ggm82syeqk

  • MD5

    5f85bb94f8605cf418b39939cee33d19

  • SHA1

    cdece383d40cc38d899278f059468b9ca3aa84a9

  • SHA256

    2474b9f9e17523d6002ce1bd0f242ed1082e000d2b2ec5603dc97ed691e0ef9d

  • SHA512

    183322eaf01c0cb8663de530449a78075647edee3793e3784c77d5b5b43a4cac08ab9f668f19261cfb7db615ae9bab732f05db9ed5527bddb406a03c34ed2514

  • SSDEEP

    1572864:JjNPxL6HkXAH6a/zu224yT39jVqmVicZ6aYrAsQgpdgwi09:JLXAaa/z8tjVqwiLa/SgC9

Score
7/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      meowrara2.6.zip

    • Size

      51.7MB

    • MD5

      5f85bb94f8605cf418b39939cee33d19

    • SHA1

      cdece383d40cc38d899278f059468b9ca3aa84a9

    • SHA256

      2474b9f9e17523d6002ce1bd0f242ed1082e000d2b2ec5603dc97ed691e0ef9d

    • SHA512

      183322eaf01c0cb8663de530449a78075647edee3793e3784c77d5b5b43a4cac08ab9f668f19261cfb7db615ae9bab732f05db9ed5527bddb406a03c34ed2514

    • SSDEEP

      1572864:JjNPxL6HkXAH6a/zu224yT39jVqmVicZ6aYrAsQgpdgwi09:JLXAaa/z8tjVqwiLa/SgC9

    Score
    1/10
    behavioral1

    • Target

      ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/kpfehajjjbbcifeehjgfgnabifknmdad_1.42AF0D1905C8F1D8F6167365271C4549A73603B838BA58B9A664C57C00DB1EE5

    • Size

      783KB

    • MD5

      f3e5f7de5184a6aee396ce71a0b45840

    • SHA1

      84d92390f346cee527cb890d938f3522f916a386

    • SHA256

      42af0d1905c8f1d8f6167365271c4549a73603b838ba58b9a664c57c00db1ee5

    • SHA512

      4ce26e46105e4da26ca1fa6d5cc869bab234ed5baf68fd397bddcf1c4d47f642e89c3e210629efa8b8831596bd1321b298e34b4d60b4daa9cb2f7967c68531bb

    • SSDEEP

      24576:r+wlAtUkNexKMU7ngXEwx2IXwoiBjwoiBI:rTlMwEzkEwQI2KI

    Score
    1/10
    behavioral2

    • Target

      ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/ndikpojcjlepofdkaaldkinkjbeeebkl_1.8657AD8DF1B23B55192C68D707CEBC7653AC24FBD8F4EABDA9F8954FF88F1634

    • Size

      1.6MB

    • MD5

      d2687845daad246d0282aa916ef5f9b8

    • SHA1

      f6fa3b70e8f2508b40bb62b263eb23b3b2c56001

    • SHA256

      8657ad8df1b23b55192c68d707cebc7653ac24fbd8f4eabda9f8954ff88f1634

    • SHA512

      6c506a3b85d94126890518a3fe9d827313d7823d7178b25d42aa2c15d65c1bea26950fbac3fb4b363cc2f7d34b2326f092ff0880776d338bdc085975b9d4484d

    • SSDEEP

      49152:mGB5EH8IG0NyDG65GL03LVYI+Sk6hcePuO:55s8bFG6IQ3LVYI+R6XPV

    Score
    1/10
    behavioral3

    • Target

      ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/oankkpibpaokgecfckkdkgaoafllipag_1.44C48B9ECD87ACDDD850F9AA5E1C9D48B7A398DEC13D376CD62D55DADBD464A5

    • Size

      22KB

    • MD5

      cbfd6b1a1f278778950a4fcb6d683008

    • SHA1

      ae27d38af7257c4c846970116807244b723881bd

    • SHA256

      44c48b9ecd87acddd850f9aa5e1c9d48b7a398dec13d376cd62d55dadbd464a5

    • SHA512

      0c7c46ccba1048496127c40592774f7b211f57f002de84bd28d3b023ad3d81bf68e9aa8db2dc8dbf9eb3a176e2733a34318810a06db3b9a8d662f5b5e188d91e

    • SSDEEP

      384:2Kz+yjT5FaTB29uJID+2Qlyi+jBzAi4dLQTf49fmA4tVyk4exlfiMRoLnJ:L+yjQw9L2lyiSBzJLTCmJUei/nJ

    Score
    1/10
    behavioral4

    • Target

      ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/ohckeflnhegojcjlcpbfpciadgikcohk_1.26123BEF7D73536450862D2C4D44963D720AA80B6FC2D8496F559CB9C1FDEB00

    • Size

      1KB

    • MD5

      a36d70bcd9333175811c53122f7d2c1d

    • SHA1

      9a9a0c0ac2fc1db6e7b78868c8d4c96d747b8f1c

    • SHA256

      26123bef7d73536450862d2c4d44963d720aa80b6fc2d8496f559cb9c1fdeb00

    • SHA512

      e69aee2d91c50dd63030bd64cd12b5120c1db9871caf3c26b2cbf29ff96891b5f2e7d1388e4b731f77d7fb24904f379a6a8d5c1b2aacf8a8501fd0111ab0caf5

    Score
    1/10
    behavioral5

    • Target

      ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/ojblfafjmiikbkepnnolpgbbhejhlcim_1.C1E0755E98DF77F5A56556098D6898E27C5295377F6F0703EF98DB199920CDB5

    • Size

      13.8MB

    • MD5

      d636f20983b6e5ddbd9065dcd89631ab

    • SHA1

      65237dd62e6f301c136dc15617ecf6717ccf9afc

    • SHA256

      c1e0755e98df77f5a56556098d6898e27c5295377f6f0703ef98db199920cdb5

    • SHA512

      b12f5e1f90688e3d677487ebc9520d0e9f13b0fccfe3b50566fdd8efc67b3223dc9c3e69acb6faf42ac99d4040bc52cb56458ffcd7e3898c4900d909a3ab3519

    • SSDEEP

      393216:9Iun3ut4GGDxGJLm3aQg5A5ofLQs3zqO6XWTywigGC:NTGGOLm3n5ozQsjl/WwigGC

    Score
    1/10
    behavioral6

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/_metadata/verified_contents.json

    • Size

      5KB

    • MD5

      20a872146aa601d3fc29151376104d4d

    • SHA1

      5da2b0ca7504193496d27823734967b0927f3ba1

    • SHA256

      4e72c4249d8cfed61cd21a330d9116c97be5d6f1a0a90743a365f62cccdafefe

    • SHA512

      73a89ee262dacdbdf8e8fa595165fdad179a1207ab9a9abda3f85582fe008e18bb0b4d9519db59bb34be8c31fe3cc83d8aa664c4e628ec3c79651af874c32182

    • SSDEEP

      96:ROI1t7VWFD3F8CRHIaRF9Ngl6PT5jO7a56JYi/GIEQIuB51d:R7t7VWFD3FT3C6PJKHEQIY5f

    Score
    3/10
    behavioral7

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-as.hyb

    • Size

      703B

    • MD5

      8961fdd3db036dd43002659a4e4a7365

    • SHA1

      7b2fa321d50d5417e6c8d48145e86d15b7ff8321

    • SHA256

      c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

    • SHA512

      531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

    Score
    3/10
    behavioral8

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-be.hyb

    • Size

      5KB

    • MD5

      087de134f3b23a9944afd711a9667a0b

    • SHA1

      1b67d0a65ef91295207d66e62b682803aa74ef00

    • SHA256

      25b7cfa039f82ac92990e1789de40988d490db9b613852fb24036b38ff87893c

    • SHA512

      42c0b51e0e28109a7058d3fc03fa7bef8b25c9b3c8bb74933574fad06c061fd1636b53eeeacf652e438d4df08002db449681be9e6e6821ec23d32a8be1778998

    • SSDEEP

      96:mmfvnESaDPq1iYM7N8gyurprJr/P5FwBlh/RT95vtEUnbpwROaQPP/KV2L+HCdYV:XfYPq1iYyNk5p50OwQPP/KV2L+HCinCO

    Score
    3/10
    behavioral9

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-bg.hyb

    • Size

      3KB

    • MD5

      e8a4f8f5238f9a0ff6968ad8dba2755f

    • SHA1

      abf002ff28b3aa2a59948225e5e600096348caa7

    • SHA256

      7593f0395081e3eeb2d8516d10746608afd826cffd4e7e37d53936993d200a13

    • SHA512

      b54811e1be6e63bf19e408ac4ae9da86e1473e4e8f1e9d517d907e025be20fa6979517339ec6defd0ec30613ed42a97d88111d39297214afa7606597cba5ea86

    Score
    3/10
    behavioral10

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-bn.hyb

    • Size

      703B

    • MD5

      8961fdd3db036dd43002659a4e4a7365

    • SHA1

      7b2fa321d50d5417e6c8d48145e86d15b7ff8321

    • SHA256

      c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

    • SHA512

      531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

    Score
    7/10
    discoverypersistenceprivilege_escalation

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    behavioral11

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-cu.hyb

    • Size

      51KB

    • MD5

      b4e5921b1df85ba9f2ebe6ce578915f6

    • SHA1

      b5f2e813667aae32e65cab9c9a0dd291421ada0b

    • SHA256

      2baee19d5024ff87dcf3a1b9d0da1b3ac5a1e506adeead3b96a4de5395d0290e

    • SHA512

      41696a9e25ca004acdc8def265766392ce3568747560ff73cd08ac9fa4a99e4c4654fb84dc602845b3e444a8312fb099c72932471f7e830874cd7cfa184b63b7

    • SSDEEP

      1536:a5OMYzUXoeoZA7SmEUbxucj5DTKZ2oVXEyb:a5JYzUXoeCA7SmEU9ucjBKZxJEyb

    Score
    3/10
    behavioral12

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-cy.hyb

    • Size

      35KB

    • MD5

      b0f32ed7b4b8a068a962d820627b7229

    • SHA1

      76734e58bd33c4d1450228bf05e53cfe169a02e6

    • SHA256

      4d0569fe2f4b41b3164cf610310e1d996fd2c553cc39de6062e50f4e033cc207

    • SHA512

      8f20253985c217401627e0c7d31aa1bf213fa220bb498869e11e1e532c3c82dbc2abe6ffa27c69243913243af1aeb35806175511d77d730c914b1cadd71aa7a0

    • SSDEEP

      768:s022NAK9/8ei2v0BJlYZqNCII2vfP+DzEKd8mPBFDpvH5aWg6:c25X/MBPjNCIISkTPB3RN

    Score
    3/10
    behavioral13

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-da.hyb

    • Size

      6KB

    • MD5

      d0e160dca547eda390d6cc7c4a1f7ac6

    • SHA1

      7eb71819675e82b1bb92428e07fa6b05cd1854d8

    • SHA256

      86fdfc8db62cdaa11f615dad3712da1f4708294e029a4aad0fc285d4ea16c4bd

    • SHA512

      9be5f673962c6049ed1c796a81aa7be72a1c7715fc2d4610cf6565541c7bb145d068b94b5fdadd30bdb5f5287ccc2055ec1dc9e11e4c5b8965d59ef73ab145c4

    • SSDEEP

      96:op8RuPmWKvTES4MDmKQS3mAdi1flBiLwHR08fiCkUNGrvYe4KiGn1BUBkQH:op8ImWKEGS87diLBiLUfoUNGrln1BUBL

    Score
    3/10
    behavioral14

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-de-1901.hyb

    • Size

      118KB

    • MD5

      dd9d0a81d897f88f76c1f6d69fb7483e

    • SHA1

      520bf6111f902196591ea358fa8ab4ae89ee0acc

    • SHA256

      8c5fa4b29519d17593e923bc6a9a284df7a6d07fac42f897110b8fb2e0baeef5

    • SHA512

      8c0a339d353cac1c66542bcfb7d41e7241a59a1886fe8a189aa155aafdf3bd23274f956d3d8a49be5b23cceafb516648a0e0b44f67e6f5ca60e216fb3f362ccc

    • SSDEEP

      1536:4S0havr6N41g38Gnzvueua0+Az+u3tnQrI9LKyQh9HzSWwwwKYf+wBuLxfrHmu:5cae4TyzvqaQzjQMuSWwwU+RpT

    Score
    3/10
    behavioral15

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-de-1996.hyb

    • Size

      117KB

    • MD5

      e7a9906b316d478b55bf8ebcbbb1d1c5

    • SHA1

      5688453de9afb7405960980dc93adf9296aa2f4a

    • SHA256

      d673805547a0228d2f57a5ad551b8760cfcc521f38c49284ed3976e3515bca49

    • SHA512

      36e6beaba33a16203f996d6e8fd987347028d590a4b4bcd4d2a129876c486e03b9ba13f279f301e91aec1e0f8e91bf109a27f2b464f15a3e1a2b56d03473b69c

    • SSDEEP

      3072:+GQAdd4u8VlGiVdYQvi792ovhcxX9iEaAGGceTUjnnfxXElEg:7Q+UfN3RiEaZGceTUjnJXih

    Score
    3/10
    behavioral16

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-de-ch-1901.hyb

    • Size

      117KB

    • MD5

      c6773229845710633d3a4d6dd9800fc5

    • SHA1

      1d4c2e5f3ddf5627164edb471e8a8177993449f4

    • SHA256

      8223a912160354e05735522fdb339dc59b353ad5d1e4f4cfa94898dc348e748f

    • SHA512

      ea69926520429cd934d52d84a7fcad6bc9bb654085d8d1de813e73f191ebd7b310e2e68b4bb43fecbd88cfd15ead7fe295405c01b7fdc225914b0477c08d4e01

    • SSDEEP

      3072:iDCOweCoHgtKmiQaf6ZCM1BKstDcqZnSmEBQBkXmhHB71:CCZeLHgtlG6dzhcqZnSmjkXmJ

    Score
    3/10
    behavioral17

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-en-gb.hyb

    • Size

      45KB

    • MD5

      fa3dcb77293a058277cb148a0ff491fa

    • SHA1

      3335315b13cd82075da2adbebe32759c01833e8d

    • SHA256

      ae4b78009d18e849d87458677151ee3aad1608ad72ec050dfd2421d22e7d031f

    • SHA512

      c83a8c4eb29c3171fefe983c3e342b6af1bc1add7288c75c5a782dc14f12d2af83043c2b43c9ab3e5db61c91de6d7cb473746517debcff7ac2c0f05bb8b0971c

    • SSDEEP

      768:8CPGXSlQXvRVYVL0xpPuB5YBBaEiQD6m8eft0Sr+uh0d3TPwHh8fJVVoxUb:8bXQMZQ0xwB5Y7aEiQD6mPf2S6uoTPwg

    Score
    3/10
    behavioral18

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-en-us.hyb

    • Size

      58KB

    • MD5

      b2693233d14890c81d322bec948549e7

    • SHA1

      7ea8e42e319305010d3e6568fb4983171583dd06

    • SHA256

      03727cd6f4aa71b203c4c74ca6987ac7d87f13037337ac6f4b6996c2a0dc5f8c

    • SHA512

      1bcb5a9c3db408fba6a6d02162a294c5c7264d4b202eb332da8d02c0c662cb070cf1534d5aa0754788d35abc88273f3337ca5f302ada95bcad077eaa52804915

    • SSDEEP

      1536:h5tXyt+U07SAFarfxlLXSwk1cI3P05j23Kqo74TKAqs:JCtYuPrfxZE1c0o26aT9qs

    Score
    3/10
    behavioral19

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-es.hyb

    • Size

      14KB

    • MD5

      f6bd0377237fca3c4b7c6a6cb244298b

    • SHA1

      b8df975889cfb06fc97db3d63a7820b7cf621f40

    • SHA256

      137461792537a2e56a6475e81e2b9ad7a2bdabf1f4738fae186dca3022357349

    • SHA512

      0a36860580e295122f5e49091127386edc762eedba80a2d7ad958ab33307aabcd420173e08ae797a19664bc830800d92c548f3e434bf19bfd7791e50e0c45c2a

    • SSDEEP

      192:j6aP1LZOFTlMa6Xb05w4rsv6SHyg8jNIcG3VTCkde7QpCKBz1iBOJGPJ3IDIHmz:hP9er5wKGhSfhIc4yyC+z1iM0PtIDIHQ

    Score
    3/10
    behavioral20

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-et.hyb

    • Size

      20KB

    • MD5

      2ae42ab807286f6ec0ff1876d9536b0b

    • SHA1

      cf3bbe7348eaf2cb3d93c5cc10964bb8d1ba07c1

    • SHA256

      10079c66014dd2e6abfef5a018e6553fd5a036afb96bd2a235440a188f88b15e

    • SHA512

      13c193571a7374bb169f6f0f06a9af7f8251cfcbf60825a85396c907d40f7837c8efd0a7bc8b6c4deed2bfca7b8508f132932d7860c2c9a4fb568d8ba2acaea9

    • SSDEEP

      384:1HSUqMAZs9xsrscHJvMC0rWxMabdxhDPWSZuVyVm44/DasJVwLf3:1YanasivMaMaZxFPWSZ+EaZVwT3

    Score
    3/10
    behavioral21

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-eu.hyb

    • Size

      665B

    • MD5

      e90ea97070cfcfa795fbd807ac300d34

    • SHA1

      8c83b4cd54d394aeff31b14a219f2a3562132908

    • SHA256

      e2778a4fc7b8f064a32b6a44bc29f10e264d9d6214b8edb8ebd1f5f6d68e2eb2

    • SHA512

      210dd857f7799f1a926c7aa73f26912ad60723e099acf1566bc39efd445a1b194be4dc557d5da6874e7d75a37115aead9389b8009eec1422764e6648fe4cf8f1

    Score
    3/10
    behavioral22

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-fr.hyb

    • Size

      7KB

    • MD5

      092e0a95d6dada26ca56d2ed558749a3

    • SHA1

      40bd8296e5e852fe725c7119083a8d5614037cf9

    • SHA256

      00bd8b2d398d77575da2bfbbc5ec641aad7f2a87d4a31186ec169e85a27de5b7

    • SHA512

      c04ba62f4a0336e9b25bd2f6a8c3cb82c8b6127c1c04fc173abc9bf03767a9ffe18c9241b301d6f71f79f3377bc990f25f099d7660880c097a9cf4bb1e4bd48f

    • SSDEEP

      192:Yq67m0o5PsoVQ5rT1+Eqy2G0Xy7i6uccc/J66POIY2:YHmkeQ/1v2Gay7Bupcx3vh

    Score
    3/10
    behavioral23

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-ga.hyb

    • Size

      34KB

    • MD5

      768032a419e0ae3bd870d591e2173715

    • SHA1

      58fd709a1dc40176fb72189c20567ac1950b9db7

    • SHA256

      1e3043f395bfb2a4c43d0480ba2f168ed622881cc3482359ca6e99821e983be8

    • SHA512

      4a4ca1f735b82f625002b0292f623179f2a6ce736f633cbfd6868e3db0709eb06eb462bd9da3ffa8365c3c38fdacba735ad32266cb3ec33d3e583ed073d0e3aa

    • SSDEEP

      768:eZAG7bymjpz7qBZWBHn7xbeGhs0fCJRc3uQz3sfLsCPI2th4k/:iAGfJjpn2UbxbHhJaLc3pcfLFP/4S

    Score
    3/10
    behavioral24

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-gu.hyb

    • Size

      655B

    • MD5

      f6dc4e0fb974869d3d9457c582a38690

    • SHA1

      e6708afa342639eb96cb97d1f541a421b2626d00

    • SHA256

      af0edb67c2219b803c3eb6c1dee6f2d41a3fe00468a9da8be8ef5056d701abf3

    • SHA512

      a778236fa8c5f28e747214d0ba0417aca1c9a95e4c013fbc21e6defe39d0421a2b27ccb27e6f248404a9f6b5cd1014574d0478078f36af2a0181872ac8173d72

    Score
    3/10
    behavioral25

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-hi.hyb

    • Size

      687B

    • MD5

      0807cf29fc4c5d7d87c1689eb2e0baaa

    • SHA1

      d0914fb069469d47a36d339ca70164253fccf022

    • SHA256

      f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

    • SHA512

      5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

    Score
    3/10
    behavioral26

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-hr.hyb

    • Size

      2KB

    • MD5

      1864e47e724bb7f9c052a2840eee21d9

    • SHA1

      9749136107913d6570c0c46ae2b52e66d8284c38

    • SHA256

      d5f066a5657f1d7c39d053956df204b7926f40d2fe4f69573af09d909066e26c

    • SHA512

      2d6e76aed93652510f5864dde1e1923c67e7413e895abfa8fc7e8c9177e228e4d153afb7099b86697d1662ca3124ff2173f4aab2c978d52583a8e2dbc70c0842

    Score
    3/10
    behavioral27

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-hu.hyb

    • Size

      309KB

    • MD5

      37b1f197e8dfbafdac4597edcf673e63

    • SHA1

      e672c6870417c71acdcda6c16a7185d7a868eb68

    • SHA256

      8b3a16268cc932b226c17ff405b3cfb6eb38a9511a2043d653dc03729efceac1

    • SHA512

      69ee820439633b348bf8efdd3c498a30270753e53ff78d022bd1b295c6c95e0501955009f610a12fc55c786a563b0af40d2b69a7584b47662b943acbac2d3634

    • SSDEEP

      6144:wxOMr0dBjIg2U0RT7c25PkvQoc6yzRcOmpTeIrDh2ky5khBh13kwTbqgT3Gfhh4D:wvkufNkzFtuWlAh36

    Score
    3/10
    behavioral28

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-hy.hyb

    • Size

      605B

    • MD5

      70ea4451c3a26fd7197a3d2188be4152

    • SHA1

      e0c1390d94876bf2a3cbdecaabb0e335bd86355d

    • SHA256

      9b34dfca85cb27546829f104f137757efb274934c1e9d4991f55ad564962a76a

    • SHA512

      ac957947c51ea23a9b7ca482db08f0ca3332b8048025a96acb01a4486c1a87c3f3d08898e94cc8e0b20721c56ce708fb37e1bd81bee1fedba60a7f370d5ddaa4

    Score
    3/10
    behavioral29

    • Target

      ZoraraUI.exe.WebView2/EBWebView/hyphen-data/101.0.4906.0/hyph-kn.hyb

    • Size

      711B

    • MD5

      d986ac2e7c75cf3ef929a7a269ae0d5a

    • SHA1

      de8bf2ee2b8a77102337c45e5fec924c6c02355b

    • SHA256

      2b999d0a152f804601aa8f38ff0d3a6e5949977bf1daa76fa888acae21526287

    • SHA512

      5475c82fd5074334bc5f0f89edab62e94bc5865da0432c6f830b50db3045afda12bb698659951f6d0f76c55a43e1add8d47ad7fd03597bbe92d8178ad4783c71

    Score
    3/10
    behavioral30

    • Target

      xxhash.dll

    • Size

      46KB

    • MD5

      249a5f6ca047df2a2f802782696c7f80

    • SHA1

      6a1d96be0f497d689fb55de70284af83cac61f52

    • SHA256

      2828e3014c3283caeb1b00d14145a42f4e347e7f547b40634540394892265671

    • SHA512

      d2d0b6ba2ec95c33609d98788e5a4cce382d93721ea5dea61cde3f4c065b06530a0b01ae4909f7883a81d55529a36cb6a5820aa2afc320b5761f6f59a3a45f1f

    • SSDEEP

      768:zziPp7yW4k3QDn24NuDUSu0MKQVMNKuxYAuogba4Mk3QimeSyygGz1K:zziR74kgDn2rDRuIrN5mAvgbTgi3SylI

    Score
    1/10
    behavioral31

    • Target

      zstd.dll

    • Size

      638KB

    • MD5

      21dfe873f6ed38f2f713ecd43ad1ba41

    • SHA1

      7648cb043587da0e85743f9da8dca8be621ccdf0

    • SHA256

      2a2d63c48b6b3ac7768231ade30122c94a0a33e62e5d2725e11c95b3194aa997

    • SHA512

      67b4f976f3511387ce2a4743e2281ac88533bd204d4e07a5c6751f0ec30a3463dfabcda18103a632541ec2a8b7b937806121e21e44959411c39106e22b739919

    • SSDEEP

      6144:XbauYl+rrR8uT4uB5uWYfO16oMynnjDHMkYHbpk5tRCEybNFZemMBLx4eTTzp:XbauYGT5BYMxjDHMk0petRCEyb9emHW

    Score
    1/10
    behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

5
T1012

System Information Discovery

27
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

discoverypersistenceprivilege_escalation
Score
7/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
1/10

behavioral32

Score
1/10