General

  • Target

    ZyranClient.exe

  • Size

    54.9MB

  • Sample

    241114-dmcgysxleq

  • MD5

    185dd0e1a1fddf616652f7eeaa6b60b9

  • SHA1

    fd47ba93638c6cf646d00558032fb1612433a414

  • SHA256

    53794778e47de538b9a6dadada979bdcdfd71437bcb1d6490717e3eebe3ac5f4

  • SHA512

    d19e36abb40db6b87db6e79de58ec50bb16b278f6121a651b8b04ccc7ebdd6a9f927cfd2af6b48c64e1d0f2155626cfb63d2bca2a69900c96ff4a2ca7cbfcbf0

  • SSDEEP

    1572864:ofrk0LQqMrlpA+Ql4qxTivfSpmqrBBPJO2:ofrfyklvxenJynPc2

Malware Config

Targets

    • Target

      ZyranClient.exe

    • Size

      54.9MB

    • MD5

      185dd0e1a1fddf616652f7eeaa6b60b9

    • SHA1

      fd47ba93638c6cf646d00558032fb1612433a414

    • SHA256

      53794778e47de538b9a6dadada979bdcdfd71437bcb1d6490717e3eebe3ac5f4

    • SHA512

      d19e36abb40db6b87db6e79de58ec50bb16b278f6121a651b8b04ccc7ebdd6a9f927cfd2af6b48c64e1d0f2155626cfb63d2bca2a69900c96ff4a2ca7cbfcbf0

    • SSDEEP

      1572864:ofrk0LQqMrlpA+Ql4qxTivfSpmqrBBPJO2:ofrfyklvxenJynPc2

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks