General

  • Target

    zapret_build-main.zip

  • Size

    1.2MB

  • Sample

    241109-nn88estela

  • MD5

    346af5b0957a7912c4e5200f5884958e

  • SHA1

    32a486996a5eecedb2b97f02a2a6fa9cdfd67dd0

  • SHA256

    cfaa3515b3da8d2998ec1adef7267eb345e4812a12e4355dd95e35ff1340617f

  • SHA512

    cabc946fb86f67be449ce3f0d1d24513bf3ee0aad57b3aff92cf89e781919943d538874f1cdc22175a14672879e2e276daa05a570be7c75c00b4554af16e71e7

  • SSDEEP

    24576:5k4EsYgNMcszQc4hTQTXSL8ZjDtxtm6kNlgcGBeH9Q6x8Ynk4ln:usYyMHzAL83xtBkN1SedQFWln

Malware Config

Targets

    • Target

      zapret_build-main/!!! удалить старый вариант из автозагрузки.bat

    • Size

      104B

    • MD5

      0a46a99fbd03d41e872d2c9e24ed4d87

    • SHA1

      e300f03c2d638832950210bb86f11510a9751cd5

    • SHA256

      a1b09a67555b3e837d35660de842542765dce4bd49b8fe9419a26fa073237339

    • SHA512

      a084cd8d1289e79c6f8ac3f671ac5867fafbb950daad6c34a0afe024e4dc38b34526a24d98f981fbace0f2c25d7f0ada52c73ba166212a6d07d6ada46bace75f

    • Score

      1/10

    • Target

      zapret_build-main/Start winws (preset_russia+discord).bat

    • Size

      74B

    • MD5

      165988c3900e16a6b2b39909b9469792

    • SHA1

      fca9030b8eb3a58e0581a52bba2d42b95805beda

    • SHA256

      274e8fd89497c4f7f1c82132d2179efc35bd7a7fbf05baa1c14cb0eaa33791a9

    • SHA512

      dddf84f22d9f3ab74fd8d863de71f1b5bd3c7d92c79add4ea90653b2a63961b9caa2e65bd5b1aef618d76afa1bc9fe99592c5dbab8ac82f23b2f5c56da722b0d

    • Score

      5/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      zapret_build-main/zapret/zapret для windows.url

    • Size

      159B

    • MD5

      6c44f6bb7bf58bffcc35cbcc249b6505

    • SHA1

      bcefaf7a6dfb7eb027e4d0538ae3360524d6398d

    • SHA256

      1894e18da13f95b07ddfe299c393eb4edf211bc20395effc1ef5de1f8d6cbdd8

    • SHA512

      6d3b53004dc7d20bd598b12a94777865285d774f7ad5aa716fb8b99f4bb1bcd2482dea9109ce4833c5250bc0dffa1bbc64f7721d1d91061a71a202b8a75d2db9

    • Score

      1/10

    • Target

      zapret_build-main/zapret/zapret-winws/WinDivert.dll

    • Size

      46KB

    • MD5

      b2014d33ee645112d5dc16fe9d9fcbff

    • SHA1

      aa69498562d350f2de06954b133e59fac1e57002

    • SHA256

      c1e060ee19444a259b2162f8af0f3fe8c4428a1c6f694dce20de194ac8d7d9a2

    • SHA512

      37014a018b9cd91b2eaeeccc7c5af3838fcae4d4fe6bb50c7ae32cd5c99423965a3e3efb29499324f6885b8f0c2ee2952cb75ab73db4e8960811abcb46801f15

    • SSDEEP

      768:Qjf2rf/kxpxI+JEw2VWHDDjQSQX4zTtllgwBqWocwTicI:YuT/CXHDvVQatonTic

    • Score

      1/10

    • Target

      zapret_build-main/zapret/zapret-winws/WinDivert64.sys

    • Size

      91KB

    • MD5

      89ed5be7ea83c01d0de33d3519944aa5

    • SHA1

      4c9b9c74529399abacc2284de1dead5f2332ee9b

    • SHA256

      8da085332782708d8767bcace5327a6ec7283c17cfb85e40b03cd2323a90ddc2

    • SHA512

      be6530fa0e26441441028b530cd6fc4f900448916e137f92613a1f886c16399d415ddd17f7f8847258cc19c63b1510f2f3068942203c50486e48eed838f9f138

    • SSDEEP

      1536:AsmCCzg4Klt7jh//NiRMwoGK0tmdsAXixJz48dJ/zuXR:Atzilt/iR5ojGmdsAXoz4k/8R

    • Score

      1/10

    • Target

      zapret_build-main/zapret/zapret-winws/create_service_general.bat

    • Size

      1KB

    • MD5

      33b3a97f2360c0c17383819c8e37fb7f

    • SHA1

      8271f7d6f410814f53659f292495e9a324314145

    • SHA256

      2602c19f0a86ece1ff603cc0a54d16cf2138285070804bd20d0da1983980bb4a

    • SHA512

      5b825b90f4c1537eb959a643a3c6ee27e9774c7c3b970129abef2001bde4512b9c624741cf0b0bab6fd40ec6769841fe19c5f90b5dbcf28036e27eb18f0734e8

    • Target

      zapret_build-main/zapret/zapret-winws/cygwin1.dll

    • Size

      998KB

    • MD5

      c50b50303fae4afe7248307339a00d13

    • SHA1

      1b4a3f7666172809bd0d88f793ee855bd4b92938

    • SHA256

      712c39a069541afa69cfcbe01b422bd67b4201eee7e94cc1327d4ed8b4fa2167

    • SHA512

      123d06a0a5f891851e372881860b9d7fb8c453dcdbbca5970b9b2bf205f08f0a724595c6892f4afbbb4f85292a886dddffbf0d36dfe18d4b6eea7a5d12451762

    • SSDEEP

      24576:YbYJZPZf7KMuiA7Q4lsXBmStxacrFhG+wTGiPoy1u7MHltI:YAZfmM/A7Uk6xhpmGkoy1u7MH0

    • Score

      5/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      zapret_build-main/zapret/zapret-winws/preset_discord.cmd

    • Size

      660B

    • MD5

      420237d894c1af4cd36647e96d492508

    • SHA1

      875260df4f4fef97dc560a291216e69de810fb2d

    • SHA256

      c02c80f5efda3461123ad4061480a2390745ae3e8dda435f36f810b1ee7cd2a0

    • SHA512

      1222df7cbff85b6ae12b672c4ca46d9b93414303ebbf68a7c51e84c9366bbe00e70a22656b316b66bebc70a3101bbdae384a83e5d46196b332e41036c973585f

    • Score

      5/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      zapret_build-main/zapret/zapret-winws/preset_russia+discord.cmd

    • Size

      862B

    • MD5

      6ead4e535a4858f7da57313822762e15

    • SHA1

      3e4957ade0b620bcea8cb126daf77dd4146c9bf6

    • SHA256

      9e4ba5f73bbcf1760ecc49ba935f170b65b31931dbc42c8eab8e50dc1d2c32e9

    • SHA512

      c7070eae850c3e92c507b5f550949ea05397cad27ef8ace2444da2d1e08374bfa94c27b84fdba90e67ba43bf6a34ba6b7722c70ecd3e566df0960e8ead659b1c

    • Score

      5/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      zapret_build-main/zapret/zapret-winws/preset_russia.cmd

    • Size

      697B

    • MD5

      d311dccc27291d30dbcefc76298f13c4

    • SHA1

      48cc8671339f131e50f7974d79f8383d608d3223

    • SHA256

      db121074d35ef30b873966c85eb40bb63e2ba365ad315d2a8148e462cf07e295

    • SHA512

      8d89c305185d7a604609f51a51cd831cd2ffc587a124c047756a1c534ca444001a1d9224b9eccda405db56e0b6e1ce08aa2f24d4ebf0e90b71f42059d6b3fd9b

    • Score

      5/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      zapret_build-main/zapret/zapret-winws/remove_service_general.bat

    • Size

      65B

    • MD5

      2b13379ee5f8beb73328aaad75595a37

    • SHA1

      c6684a0bf1df59e315c97d0f3ef677937aaefd71

    • SHA256

      f014eadf2e5b66b44cf2806bfa06ce91f156f86f823e7a6be279bb757a9103f7

    • SHA512

      faa5c34d60b987611bf76be6cfcec1bc3452f1a89aba1f081bb0ed8ba4b8d6f1502105a54143d10b31bc41958ec79a84d16611618e55c8b40a551e7ceb621fb4

    • Score

      8/10

    • Target

      zapret_build-main/zapret/zapret-winws/service_start.cmd

    • Size

      41B

    • MD5

      a51edd67a025ad01a6e965db1edb0c6d

    • SHA1

      f7587dd44863ed138e1287ba052998e00862926e

    • SHA256

      0d0dabb5cb392e91f24e6ca66f75c7441edf4d4702e16cb8b92095df6143e877

    • SHA512

      85c997ead4d2c0bcb5c11dca4c5dbc3a42ac23773be75ae5f86578dda171eddf76cc0629d055d17d70dd6c801d8943b0a269f5452f76b140f270822052e5e047

    • Score

      4/10

    • Target

      zapret_build-main/zapret/zapret-winws/service_stop.cmd

    • Size

      41B

    • MD5

      a90b6db9791ead69f8a16887232f4cf6

    • SHA1

      e4716a19f4dc0b8faae651f2af402a1c376c7fd6

    • SHA256

      3629c1fee08f9f42b31ab1c02a12efc3e8bb0ad2de4d7c2eeb25de5fae5f4977

    • SHA512

      f7f73b82a8a46aae0ae5b9949215416e0c2dd7c31706ee20c3395295fe7296c399d0ea1591be91920d7e1d792827b1e0b40921ae70ac5116ba4717fa86aa881b

    • Score

      1/10

    • Target

      zapret_build-main/zapret/zapret-winws/winws.exe

    • Size

      234KB

    • MD5

      8c624e64742bc19447d52f61edec52db

    • SHA1

      1e700e2dd61b5d566a651433dc86bd95a6d54449

    • SHA256

      13fd7a9c6f7c98239a61a212f69211a0f19159b2e8cdae8b1efc57d35cdcd5ad

    • SHA512

      f676f7aa863fd13494186d4be597c19e49dc8245f6a98a2e9e2f1d09aa9e4cbf7a87c552e49359347b24b46cd1eddfb6edcfcbd6f4ff4d24888831ff182c952a

    • SSDEEP

      3072:v8eKEoQ4poZkFUIIggeAtqCijmtvzb20QTE7Eh2mS89QB+5Us6V:vtp5GoZ7+VAtqw7S0R7E9Ou8V

    • Score

      5/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      zapret_build-main/Запустить службу.bat

    • Size

      66B

    • MD5

      3dc1cd1c16913488425961d0bf0080b7

    • SHA1

      5cf707ecc00870022f5d044b35433b91c17cb16b

    • SHA256

      344f318e21c6e88d8c6b28332a1fb2fac6407937b980d5813a41b207b670db89

    • SHA512

      51adae93e84449e3fd9a59112cc79a550f1c9790a056e3c08ce2ed6922caaca914e5620904cfdfb840380043f081ae145e3e9a6dbd57f4c0c0340349d725710b

    • Score

      4/10

    • Target

      zapret_build-main/Остановить службу.bat

    • Size

      65B

    • MD5

      3c6bcd7ddf29173a2851690efd6f8ae5

    • SHA1

      1bcf7f1b7e577e03965cd980bc12d5c3f450ce6c

    • SHA256

      041e9f3de4bb0357c9fc214c48ec1816245a628b9dbfb402b3cafc2477c0b026

    • SHA512

      c1c4c935e2d2484bcae1fcf1c13ddfe7abe5447725516399c93aebde19b8a306c7f05d42234283839cfae546d5cf3e8eef455f2c5f64f9269aaa741225de6442

    • Score

      1/10

    • Target

      zapret_build-main/Создать службу.bat

    • Size

      75B

    • MD5

      dbf7e1a1edec0b4af011fbb708b761c2

    • SHA1

      511d84fc99120a9dce6d70a5b4fb68035d5b4d51

    • SHA256

      88cd65b362dc709b88d645296f8eb582ed44bdfb81c26fbfe598c5a790dc14f7

    • SHA512

      2f71639076def9d1348986709f37f24f719fca9b2666830fe152a279875f7b23d7e2e11531b97572b669f299590e95e18e589788a1dd9fb5b0a0d536c8eafa49

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
5/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

upx
Score
5/10

behavioral4

upx
Score
5/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

evasion, execution, persistence, upx
Score
8/10

behavioral11

evasion, execution, persistence, upx
Score
8/10

behavioral12

upx
Score
5/10

behavioral13

upx
Score
5/10

behavioral14

upx
Score
5/10

behavioral15

upx
Score
5/10

behavioral16

upx
Score
5/10

behavioral17

upx
Score
5/10

behavioral18

upx
Score
5/10

behavioral19

upx
Score
5/10

behavioral20

evasion, execution
Score
8/10

behavioral21

evasion, execution
Score
8/10

behavioral22

Score
4/10

behavioral23

Score
4/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

upx
Score
5/10

behavioral27

upx
Score
5/10

behavioral28

Score
4/10

behavioral29

Score
4/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

evasion, execution, persistence, upx
Score
8/10