a9a09871d8dadf1e764d04411c33d2e0689365f42b6722ead8e564fdc05ad905 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

zapspoofer.exe

windows10-2004-x64

8

Sharing

General

Target

zapspoofer.exe
Size

2.6MB
Sample

241003-1ltfeayanl
MD5

02f71947d17cf2b0cc520a6592430c9d
SHA1

bfd7cdf08621fc67bb57dd597f9c5456e8710f9f
SHA256

a9a09871d8dadf1e764d04411c33d2e0689365f42b6722ead8e564fdc05ad905
SHA512

ac27ec840bdfa9488cd70937093eb2710daf76b48952485a537635348861ee5b0a0e52010a2aa9144a1726f3c6c94bbbf001d4f7485d38389a84c14915b9286c
SSDEEP

24576:VWrwjgWuftU4WrNOA6sM6kXxMfNmnjk/c5NrH0UUoo2QkJXVSItH5ppoO0KzJ6nf:VWriA+NOpXm1mnj0cP+DkhMAiawnFQS

Score

8^/10

discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

zapspoofer.exe

Resource

win10v2004-20240802-en

discovery persistence

windows10-2004-x64

17 signatures

600 seconds

Malware Config

Targets

- Target
  
  zapspoofer.exe
- Size
  
  2.6MB
- MD5
  
  02f71947d17cf2b0cc520a6592430c9d
- SHA1
  
  bfd7cdf08621fc67bb57dd597f9c5456e8710f9f
- SHA256
  
  a9a09871d8dadf1e764d04411c33d2e0689365f42b6722ead8e564fdc05ad905
- SHA512
  
  ac27ec840bdfa9488cd70937093eb2710daf76b48952485a537635348861ee5b0a0e52010a2aa9144a1726f3c6c94bbbf001d4f7485d38389a84c14915b9286c
- SSDEEP
  
  24576:VWrwjgWuftU4WrNOA6sM6kXxMfNmnjk/c5NrH0UUoo2QkJXVSItH5ppoO0KzJ6nf:VWriA+NOpXm1mnj0cP+DkhMAiawnFQS
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2025

Terms | Privacy