General
-
Target
ZTS3.exe
-
Size
423.3MB
-
Sample
241109-mdg6hs1rew
-
MD5
a0caeb6eb607c47f90530895a33bca41
-
SHA1
96899e70acd146d7e5f76fd68dd0e9f27090ac2b
-
SHA256
a71944f5c2523be7d3a93b2b2fe9c145853808d24895e15ebd40a3d5db06a878
-
SHA512
31c5465184c96c01d08ca6022297adae9e19e527d4558c6055a300ed0460aa689d455807f8de2527613dbcc149fcf4f3a1c3b2137387b3c3f7b7892f57cf256b
-
SSDEEP
12582912:GBOBoXWJ4nxRP37z2xZsGyuCOIN/RsX40AUV2O:GBfG2xBz2xZ4OYpzm2O
Static task
static1
Behavioral task
behavioral1
Sample
ZTS3.exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
ZTS3.exe
-
Size
423.3MB
-
MD5
a0caeb6eb607c47f90530895a33bca41
-
SHA1
96899e70acd146d7e5f76fd68dd0e9f27090ac2b
-
SHA256
a71944f5c2523be7d3a93b2b2fe9c145853808d24895e15ebd40a3d5db06a878
-
SHA512
31c5465184c96c01d08ca6022297adae9e19e527d4558c6055a300ed0460aa689d455807f8de2527613dbcc149fcf4f3a1c3b2137387b3c3f7b7892f57cf256b
-
SSDEEP
12582912:GBOBoXWJ4nxRP37z2xZsGyuCOIN/RsX40AUV2O:GBfG2xBz2xZ4OYpzm2O
Score8/10-
Drops file in Drivers directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1