9a5660d44f613410a4d517ff40e832b1bd7716b0436c0141af8606de43617bcc

Sharing

Copy URL Twitter E-mail

General

Target

ZoraraUpdated.zip
Size

15.1MB
Sample

241004-aq7wgsybpc
MD5

56bd514615f89d7e1e66739d0334bdcd
SHA1

29f25849aca5cddb78c73fa2820ccb7b105d0f13
SHA256

9a5660d44f613410a4d517ff40e832b1bd7716b0436c0141af8606de43617bcc
SHA512

81b4819fd389de813f25c35530c133bfbd260774f1e0ffe374fa65b53ab3af4d8283812dcee2ac7e7031822c8753f194acc4081aa74c54c7795abd5b040510f3
SSDEEP

393216:Fx1w1giC0AcSuG8RWQy6zwgnkT0k/IACnY+BI:Bw1giicSuJgrak1bCnY+BI

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  ZoraraUpdated.zip
- Size
  
  15.1MB
- MD5
  
  56bd514615f89d7e1e66739d0334bdcd
- SHA1
  
  29f25849aca5cddb78c73fa2820ccb7b105d0f13
- SHA256
  
  9a5660d44f613410a4d517ff40e832b1bd7716b0436c0141af8606de43617bcc
- SHA512
  
  81b4819fd389de813f25c35530c133bfbd260774f1e0ffe374fa65b53ab3af4d8283812dcee2ac7e7031822c8753f194acc4081aa74c54c7795abd5b040510f3
- SSDEEP
  
  393216:Fx1w1giC0AcSuG8RWQy6zwgnkT0k/IACnY+BI:Bw1giicSuJgrak1bCnY+BI
Score

1^/10
behavioral1 behavioral2
- Target
  
  Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral3 behavioral4
- Target
  
  Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral5 behavioral6
- Target
  
  Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral7 behavioral8
- Target
  
  Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral10 behavioral9
- Target
  
  Zorara.dll
- Size
  
  12.0MB
- MD5
  
  2e0c82462191ddfac1c787cbc8319160
- SHA1
  
  e60a6b81fb0d6fc25ef325bcf450152e4f192abf
- SHA256
  
  6c10cfb739cf8073acf9e0a93e679f7f7dab36b1645da0cf9529c199cb1d21a1
- SHA512
  
  fee3678a70408b0897db696057011f095239396dcf0331c98a09b853863fb804613e71c366cddbc82802bde9980b4e171511f0b40a8d4cef9b2223ec29bf4ce9
- SSDEEP
  
  196608:JAGyisuJVCI4G8Oz2c16kR/aHvEr+INvYqAmRyqEbrBXoLGwvwy4ETHB:JdzsuTCIBa2/aHMctm4TbVzgh
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12
- Target
  
  ZoraraUI.deps.json
- Size
  
  2KB
- MD5
  
  41eb12ae669dd39b2221d935c3395f6e
- SHA1
  
  77038ff97a4ec1de4ae7663d3371df19d5d1515a
- SHA256
  
  7c42de0b69df902f10c770c216a4d6aa147ab750ffa4d74e6bd1b593c5f37697
- SHA512
  
  c98b9172d4ba4202b924c850c66167626ee3270253b975248bad4908317f02590027f33ea8963ec43f12e45a7aa577eda21c0cab5d772d40a5ce2d2f62c7ccad
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  ZoraraUI.runtimeconfig.json
- Size
  
  458B
- MD5
  
  07b9a30265ca4e69c7016a1b6e3ffc27
- SHA1
  
  3a4af82a2695b1423aedd8b60a5c86793c011b02
- SHA256
  
  c71152bf25e40d647b2440c5b39be157a3d356106be9d5b678ab97bb87b4e782
- SHA512
  
  efd582f8edcdba5ef48d02eee5f73d83ff35071af99b49e08e0213928568d728d0856e3b903bfcccb9237f786846cf94da83139f99e9bee86287aff2071c3f1c
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  bin/Monaco/vs/editor/editor.main.css
- Size
  
  294KB
- MD5
  
  23c7db6e12f6454ef6e7fb98d17924d8
- SHA1
  
  06398b44a338db5eeab2d461347334fc69af5af1
- SHA256
  
  615824c59ed1e07f5924286e9f02f3120b9064d59e115d3f668a914e07839451
- SHA512
  
  5ed3103e4f6640ca71e103e7f3752aca3027d8c563084d519f9d6358018ccdfacd0c4c08b69e510f88effa2b56dce04241ee7f92f3db99d9077b49ed7271d924
- SSDEEP
  
  6144:TzsUTrsZ7KcNkuwcv2As0aMY/Y/RR9MtpWKco:TzsUTrsZXkW4/50i
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral17 behavioral18
- Target
  
  settings.txt
- Size
  
  10B
- MD5
  
  4c65e2f855d8696d18ab503ca9f4cbfc
- SHA1
  
  448a8b537b3dfa966682a496168bae8555c3c889
- SHA256
  
  268eef82beb074b0ebad1eaa73261d87f97ca50dbcdde8fc5621ed50c5f1faea
- SHA512
  
  c127295e977a579679201f36c9c70233ebbf70bf1cc8f6a83283d75c853935902172de3dc8b19eefddd64e182219926d5ecae944a993505e86994cc813e82b59
Score

1^/10
behavioral19 behavioral20
- Target
  
  workspace/.tests/appendfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral21 behavioral22
- Target
  
  workspace/.tests/getcustomasset.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral23 behavioral24
- Target
  
  workspace/.tests/isfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral25 behavioral26
- Target
  
  workspace/.tests/listfiles/test_1.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral27 behavioral28
- Target
  
  workspace/.tests/listfiles/test_2.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral29 behavioral30
- Target
  
  workspace/.tests/loadfile.txt
- Size
  
  1B
- MD5
  
  8fa14cdd754f91cc6554c9e71929cce7
- SHA1
  
  4a0a19218e082a343a1b17e5333409af9d98f0f5
- SHA256
  
  252f10c83610ebca1a059c0bae8255eba2f95be4d1d7bcfa89d7248a82d9f111
- SHA512
  
  711c22448e721e5491d8245b49425aa861f1fc4a15287f0735e203799b65cffec50b5abd0fddd91cd643aeb3b530d48f05e258e7e230a94ed5025c1387bb4e1b
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32