3a17d7cddfec31925a652e917984c278cb8a1ee68554248ded467696c427e041

Sharing

Copy URL

Twitter E-mail

General

Target

zapret-win-bundle-master.zip
Size

13.5MB
Sample

241010-mv1destgma
MD5

219469978734cf1669343c751c43c312
SHA1

587067be2f29cedae9144d67bd7d2e4e5e196d9d
SHA256

3a17d7cddfec31925a652e917984c278cb8a1ee68554248ded467696c427e041
SHA512

68d4a91c367912696f3838a70dd452b6cdb2c5f0da80efbbda7beff1e61a7be2f091c7ee3b5c8ffebd2a0dc2ccd178a7b3d497b499d9d4b59628d4866bc3b655
SSDEEP

393216:YEbQYpOSOo9c+INVgKlNCR9omhCfOxpl2cXv4ynWzHEb:YCQYU7o9SVFNCYEpn9W+

Score

7^/10

Malware Config

Targets

- Target
  
  zapret-win-bundle-master/arm64/install_arm64.cmd
- Size
  
  1KB
- MD5
  
  19c59b3508d934f93799667bf50d5714
- SHA1
  
  0ad6680f8088f8b6e606f551496bfec5ce04082c
- SHA256
  
  8f72c1f1f1b98c56b13cb26b1e414807d50e0d6a0c982ed9d698581f952a4d96
- SHA512
  
  92f95eecac124b7142625f0499fc654dbb71f70d22f2a89dcc5e0b6766ce07855031fad75ba0b542dc2bd4b3d8cc9fe437ada11d45f3c139f4770b5fab54aa22
Score

1^/10
behavioral1 behavioral2
- Target
  
  zapret-win-bundle-master/arm64/ip2net.exe
- Size
  
  24KB
- MD5
  
  014f0d3929e0a167600bcd41816301b4
- SHA1
  
  cdac2090269bab89859a99b9327f2edb15aa9fc2
- SHA256
  
  7ff9847dc3d693d02ba2ce8df6d4295bddb15f9552e868308a91391ab3a23e94
- SHA512
  
  988bf50f873bf31e297bb194b2ae9bda7333b756acd8afcafb082931ddec291a8fd0e00f107d27f27191b8aa430af94e86dce3471b2200c73578d086005213c9
- SSDEEP
  
  384:ng/CGqmQ6Z5zTV4r7TbaBap85f7E2UGFgeoYNfNcNNqr9sa8+wzDFw4hoqs9yRS1:g/C8V4rTaBH7E2bFgDYNfuNkrya8H9w0
Score

1^/10
behavioral3 behavioral4
- Target
  
  zapret-win-bundle-master/arm64/mdig.exe
- Size
  
  115KB
- MD5
  
  4eec6963869bada03fa8183fefcad5cf
- SHA1
  
  7fdc4d5c56bd6f5b5f9a1c7b5847e9648e868cae
- SHA256
  
  ba54b262675a3e1df6d784dc9383658b598d254f53f5402ff7075d45cb8e4f92
- SHA512
  
  c1b3ad600df651c54e90c27fbcdac8cddad0027448a7df11defbbd4b5289c54e48f4d93dc27402d6723d186f40ed3e3720d45fd65e7b2d8526ea12f5c57c7882
- SSDEEP
  
  1536:BoHCpx9GccH7MTqYwsyvKm8U9AR/TLe+CRuAZZxS9aIywgLocr/fNLLS6cdpXOIq:BhNW7bBsyvKm8U9bssoc6xbD7uSEN
Score

1^/10
behavioral5 behavioral6
- Target
  
  zapret-win-bundle-master/blockcheck/blockcheck.cmd
- Size
  
  199B
- MD5
  
  c8f6ce2373ae8cfcbe070e8347fec6b7
- SHA1
  
  6af61c6bacf9a43253071dbf2830022d73f19952
- SHA256
  
  c62021151e53f72de851086ce377b13ff7bce291d4d58bcc527cc2be5de6d697
- SHA512
  
  e5493c350519cd29c76cb5daef3136f346d6af4050284d582ef395dc2b0e1e037978e5aa05df666fd8eb6bbdaf8f5e746998ced42143891df32d3b8869d5c216
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates processes with tasklist
  discovery
behavioral7 behavioral8
- Target
  
  zapret-win-bundle-master/blockcheck/zapret/blockcheck.sh
- Size
  
  45KB
- MD5
  
  aea6d68ecc576aa7088623c776090b1d
- SHA1
  
  e1f288c7b975c182c1436ecaa21eba995f853f70
- SHA256
  
  5d2992503cd28c1b1f4b55a59f3eacb38ff0c4ce68599008afa0c3d8c9afc38c
- SHA512
  
  1ee2452704ca17b61419dc73595ab7a18dbbe5e85cfbbe8e4e032850244bb2ab739979fab521ad38372f86c60661cef48a04d6c8cf5bead057605ba026c56b03
- SSDEEP
  
  768:IeQ3DX3LTqs3ln5bhs/8Uxg8OOwcG0NscyKjTDG3NJrc/AG/fofrtwWLlQLyxXiL:dQ3DX3LT75peBNsXdPfrtwWLlQLyxXiL
Score

6^/10

discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral10 behavioral11 behavioral12 behavioral9
- Target
  
  zapret-win-bundle-master/blockcheck/zapret/blog.sh
- Size
  
  215B
- MD5
  
  a5f7b48e604b1cd5b929879fdca4d856
- SHA1
  
  bbbd30b20bd80c3d8950bfc0b3e2e685f86f7909
- SHA256
  
  a848f249447e65346ed4bb44fdac5de4c515522896c251cbcb937e2a701eab08
- SHA512
  
  cfd8e18c731ee88cce02f8024c599b270fe429116a03137e41802fd9a6118b32ae78024879340511408ce6674e14b7bc310a16fa39b3b8ab191ce8e2a35a97f0
Score

3^/10
behavioral13 behavioral14 behavioral15 behavioral16
- Target
  
  zapret-win-bundle-master/blockcheck/zapret/common/base.sh
- Size
  
  5KB
- MD5
  
  6123ac2365e39e299d619be2bc18f38e
- SHA1
  
  65710c8fc1e894998009658509717d331fc4f1b3
- SHA256
  
  d2e41c6726ac9565b9149ead7b57d8bb8c082906b3756e05517cdee4a2ced083
- SHA512
  
  f3352a73f53f1ace3858c311721c6ba00a305b15301023e029f8c1f43e3a23b0f4d09cb1761eb0645208f863aa2287e2b2a8d363a11121aa5318992cffd32c5b
- SSDEEP
  
  96:QwQNRstCOpSQVnx+HoqNgKFCKFoVG2MkFOXOTAhJ+70iODQ+8N7w+Mf1gQg4SZTd:Kgt3kUnx+HoqyECECFMxXhJ+708+8NLx
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  zapret-win-bundle-master/blockcheck/zapret/common/dialog.sh
- Size
  
  1KB
- MD5
  
  6fd5b6525dfdd5fdff0a4919fd1a5105
- SHA1
  
  29dbdca361638b242c8bb36bb4f6b37d34494eae
- SHA256
  
  ccaf7f160b50060ca3a4044f43c30018c156636c3f4a8ad2e00e60518905a5e9
- SHA512
  
  92bcdee7f8ca1ab6e3d330e918ced08d3c26d8b192c0f62a95daf3d4994a196509f019ada6f22760941aa18660dbfe39368af3eae81ffcdb3fd6adf379225fee
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  zapret-win-bundle-master/blockcheck/zapret/common/elevate.sh
- Size
  
  266B
- MD5
  
  2370b5897e36e9d63cbdf1e533c2b08c
- SHA1
  
  cd4ee82388c5faf50a61637672137a03be538517
- SHA256
  
  0c73b7bb0ce73ab0e962dca6c8274ff07aeaaf1b6ccfdd8103898b0950042446
- SHA512
  
  05df1c720bb48d425d51e409f7304bc6bd8b712297f6c7e9744fe9b6ceaad657b5754521e7eb9e5e03dccd1ad7fe4d4fa90c7f34f355150f768256d4e3ee4e32
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  zapret-win-bundle-master/blockcheck/zapret/common/fwtype.sh
- Size
  
  929B
- MD5
  
  870dcc207c4808cc6934d204a1f2311a
- SHA1
  
  d8444d08ced2172c645ddd346cac378df8cda0b8
- SHA256
  
  8a21e8f8fb1878bef256a467540a9fae42f9135201cbad06c1118c1f2bf69b50
- SHA512
  
  aa49a818a484f1be79bad9af6dc99cf171e940ea03b8bf7d961a9cdac2268f5066f224ee45a22c7632a522af7046c8fa8165aa994267b38a123a6e178230ac55
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  zapret-win-bundle-master/blockcheck/zapret/common/virt.sh
- Size
  
  964B
- MD5
  
  58716e351159127b3cb47d737402221f
- SHA1
  
  a84042f5ad61def53e9ad51018af07fe1f7d5220
- SHA256
  
  e334c1e7b378baa6fe706cf912cf701f867c91004dc1834565c15f59785965f4
- SHA512
  
  ed0e2b91874f6c81a1979483560bd8cd196156fe60defeee5844abc6cf10cd9b7b849ec471d2d38894cf1b7854c5954f261ed14bff033821fd5cfe361ef077e4
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  zapret-win-bundle-master/blockcheck/zapret/ip2net/ip2net.exe
- Size
  
  86KB
- MD5
  
  2b3ef4643f6fd99d98daf8520e8d6170
- SHA1
  
  19813ca62748baaad29ff3499c9b26bb1c29b88b
- SHA256
  
  4806b3e014fc3be7859c03209e73ef91fe67ab6f2ec45099297ebb49e18df1b9
- SHA512
  
  14a3a27b34877708676661e76bfb5b4606ff4b818caaddb5dffe5286612f06475e9fc57cf22ec793b87328356c1b7eca19c7890193a4694d5d938eb49c24f0fe
- SSDEEP
  
  1536:T+sm8PukZAmWfLgUtdPv4AgbFHtzT+ovEeV43xFQPL5DW:T5m8P/Z4RPQbbFHhT+ovE44+L5a
Score

1^/10
behavioral27 behavioral28
- Target
  
  zapret-win-bundle-master/blockcheck/zapret/mdig/mdig.exe
- Size
  
  114KB
- MD5
  
  1943078beb795ecb4a865147d986fb5f
- SHA1
  
  b8bf67d538560e3c9b03420dca2cdc552fb9e15a
- SHA256
  
  4d60be82ec0426d861f4fac6e63257b62c3fdce901b7b88d166a84fe556304a4
- SHA512
  
  2d1c71e7ff384565fe7c22f66126c1eb6633b763860b9c11ffbc37cc7a55b39245d465579c321939e7a9aea5c0dcdfa8cc6bd341edafaf142c0c2123fe468496
- SSDEEP
  
  1536:oATkPHw7hBPLqI09BHRiAgxFcWSgFAsa/VEPxkasjmY0z1bXI7kYkYz12W:oAYvwzeBobxFcFgFAsatEu3mHh+n
Score

1^/10
behavioral29 behavioral30
- Target
  
  zapret-win-bundle-master/blockcheck/zapret/nfq/WinDivert.dll
- Size
  
  46KB
- MD5
  
  b2014d33ee645112d5dc16fe9d9fcbff
- SHA1
  
  aa69498562d350f2de06954b133e59fac1e57002
- SHA256
  
  c1e060ee19444a259b2162f8af0f3fe8c4428a1c6f694dce20de194ac8d7d9a2
- SHA512
  
  37014a018b9cd91b2eaeeccc7c5af3838fcae4d4fe6bb50c7ae32cd5c99423965a3e3efb29499324f6885b8f0c2ee2952cb75ab73db4e8960811abcb46801f15
- SSDEEP
  
  768:Qjf2rf/kxpxI+JEw2VWHDDjQSQX4zTtllgwBqWocwTicI:YuT/CXHDvVQatonTic
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Enumerates processes with tasklist

Enumerates running processes

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32