General
-
Target
4c26dd1754f1bd8da1c39bc2c7721d5bccbd6403d56f0370c53ee4d518167874.exe
-
Size
1.2MB
-
Sample
240916-blzvra1gnf
-
MD5
43044a8822f069feddd9c02fe36d8517
-
SHA1
7ed988939944d311a580e145198a6b4cc5741355
-
SHA256
4c26dd1754f1bd8da1c39bc2c7721d5bccbd6403d56f0370c53ee4d518167874
-
SHA512
fb7f178877f94e7132508d1475dfdadbd2b71f4d8b3c779e509829fd2ea4d223328a389c6521729616cd15900d72b57a3fe0f0b6502c9bba7c60194c65d66f4b
-
SSDEEP
24576:v9tuVdYYq6r4KmT/VKl/kb9sY5uJ1VMa6z3ZD+yA5HQMh4/Vp58t2Wcd:vD+Js9C0udwtzJKyA5HQcKUzy
Static task
static1
Behavioral task
behavioral1
Sample
4c26dd1754f1bd8da1c39bc2c7721d5bccbd6403d56f0370c53ee4d518167874.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
4c26dd1754f1bd8da1c39bc2c7721d5bccbd6403d56f0370c53ee4d518167874.exe
-
Size
1.2MB
-
MD5
43044a8822f069feddd9c02fe36d8517
-
SHA1
7ed988939944d311a580e145198a6b4cc5741355
-
SHA256
4c26dd1754f1bd8da1c39bc2c7721d5bccbd6403d56f0370c53ee4d518167874
-
SHA512
fb7f178877f94e7132508d1475dfdadbd2b71f4d8b3c779e509829fd2ea4d223328a389c6521729616cd15900d72b57a3fe0f0b6502c9bba7c60194c65d66f4b
-
SSDEEP
24576:v9tuVdYYq6r4KmT/VKl/kb9sY5uJ1VMa6z3ZD+yA5HQMh4/Vp58t2Wcd:vD+Js9C0udwtzJKyA5HQcKUzy
-
Detects ZharkBot payload
ZharkBot is a botnet written C++.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates processes with tasklist
-