9e3fa0ed7868c67a11c03bd90a40c9a7e49b305019064b78a0dbc30d7c7d47b0

Resubmissions

05/12/2024, 19:24

241205-x4dk5ayjav 6

12/10/2024, 22:13

241012-142jqsyckq 3

25/09/2024, 13:46

240925-q3dq6s1hne 7

Sharing

Copy URL

Twitter E-mail

General

Target

ZoraraVVVER2.8.zip
Size

17.2MB
Sample

241205-x4dk5ayjav
MD5

eeb1f486796fc8c3df741e7c3bd650bb
SHA1

d6050ceff916d281d0c2cd30e851a2546c5df5db
SHA256

9e3fa0ed7868c67a11c03bd90a40c9a7e49b305019064b78a0dbc30d7c7d47b0
SHA512

629283e47d48991d8aafa3cf897bc252b3a7a6afaccf24b71cf42e23d927b8719834e9cf4841c18b032eae266c9329c8a51bfaa82479548061ca70ab3ecc8b2f
SSDEEP

393216:/qmHBPYCPsypHCRrwJirTLcLy5UYrJh64ppMbwwlZ9MZBX4uG9ZvYaD4:/qmpYuqGsPIy5UYVsBZi0uiXk

Score

6^/10

discovery execution

Malware Config

Targets

- Target
  
  Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral1 behavioral2
- Target
  
  Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral3 behavioral4
- Target
  
  Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral5 behavioral6
- Target
  
  Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral7 behavioral8
- Target
  
  Zorara.dll
- Size
  
  14.2MB
- MD5
  
  e9f7a600f1c3c30e2ef9576bf7cea03b
- SHA1
  
  700017e157bec2e9f72bceffcdeab36004a9c820
- SHA256
  
  439c9fc897dd7026df5b9579f45b712516b4b22f4ffe3324694202530e3ba23c
- SHA512
  
  81606aa1d2c3d2e604c201bd7803e28f22a0e60f0fe9e6b05d16c2cb1dd9bea54649d2b15bd1b1187a62e5fb6644964e7274d21d50854e33312d017e050f7a3c
- SSDEEP
  
  393216:i8kK1+g5u+l7ylz47SB1S9v1b7z2N+KJeRV:ic+cue08w+KJe
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9
- Target
  
  ZoraraUI.dll
- Size
  
  298KB
- MD5
  
  c521eb0736df50248a1cafb57806b3ce
- SHA1
  
  b37e8e7b2805ace369bb901e29a77ec3c990d88d
- SHA256
  
  fccfb794e120baab657ed45402d6150098d9b2fdf7b58f5c7ebbd079248f6684
- SHA512
  
  9e491e412c1a36008e6831b9d847f5ecae17a1f4faa02c8a1fbb2c25618ccb51f2fdd13f297333d7737d8b16c4045a0361e6d45852066cefe67a9d5ca5b78bce
- SSDEEP
  
  3072:EJddAcrT2BPj7zqmYwSKiIwOby64UmYwSKqIfZ:ELCcrCBPj72N8by64UN
Score

1^/10
behavioral11 behavioral12
- Target
  
  ZoraraUI.exe
- Size
  
  254KB
- MD5
  
  718d5c5e8e9688083a176b8460762df8
- SHA1
  
  adfe33da3e1c87f319aa653e9d315acf9aed7fc2
- SHA256
  
  56b9004d08e5c52155c52f72bdc05de9b0475b060a790f48af23f79f2f9f1106
- SHA512
  
  9068831b1c2c5f30b8768975c7f42d55bf062d4965f7fb46031204e958b0d73cee72a6dbfc6859151df80e9ec253ee78996563f9562ef6ba2cc659f2e71459fc
- SSDEEP
  
  3072:WjK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfOBhBuhmYwSKgIwe:WjK4TDUqgpqWDLZ5H+xuZ04ihAhN
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  bin/Monaco/index.html
- Size
  
  164KB
- MD5
  
  107a853040c82ea8c2ccc088d5412f34
- SHA1
  
  575e2b1ef9a62420c75ff28efd4a72b81d54fad1
- SHA256
  
  c15e5a7383a6129debd84cc8929e16586421283554c0c7c908f831b56f028540
- SHA512
  
  1b002abe0316150e214b0303670588fc5a4fa49a3e7b79d64f3ff39466a861136289e8e90bc2eaf794ef9bc225657a2360d48dafeb1677087c440f1c1c162c26
- SSDEEP
  
  3072:gKl34J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7p/:d4J09BA3pZaFD48VOAGUWYPjdlLJbRBT
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral15 behavioral16
- Target
  
  bin/Monaco/vs/base/worker/workerMain.js
- Size
  
  133KB
- MD5
  
  d0ac5294c58e523cddf25bc6d785fa48
- SHA1
  
  1b3661b6db36f1b14fd80dc9a739bfc69c68dfe5
- SHA256
  
  e90d1a8f116fa74431117a3ad78dde16dde060a4bf7528dfe3d5a3ad6156504b
- SHA512
  
  fea07a1ea5d29a3b4c614248655f4d1ddd94c10c6a6b5c8b428a8b4c0cbec7e7492fa0665c5001e65ce167240ffdfc5ac2c2ed14da3d6f508ae8d8b3c8e8eebb
- SSDEEP
  
  3072:bzjH/zYJc5c/7tMLrJ78II4F9N8+em5W+:XjH/zYJc5c/76LrJ78I7BL
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  bin/Monaco/vs/basic-languages/lua/lua.js
- Size
  
  4KB
- MD5
  
  eebda1fdd970433750c115eae2f03865
- SHA1
  
  3f1a1cddb99dead013eac825eb418241656d4bf0
- SHA256
  
  ac729efb3164f48d6b08f74d4b15060c126a30d40fb4cd4fc9cc94f2e19bd7c7
- SHA512
  
  8b188f3ae73a14a9318dce9761312d9dd2360ab00ee36e83ca6b74288a109c91770954db7537fd84a76707a1e79528fffc97f3a718bcd924545b469a1363c9cb
- SSDEEP
  
  96:HDGAW6FJJJkCO8evcIWtdrvrg+1/sLMiWAOKjLobLMzD:BWCDqC20IWtZD92pzOKvomD
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  bin/Monaco/vs/editor/editor.main.js
- Size
  
  2.1MB
- MD5
  
  a7e3083cfe200263edfb4bf011b893a3
- SHA1
  
  18b52dc38e7a8a612892f5e60a08d9b19e1f472f
- SHA256
  
  9e2fb6171592f7a3c33d3b5baef58b516b36473ff7717bbd643574991923435e
- SHA512
  
  6bbb149102958e23c42accbbd18595fcfffd547bb826f2309956c036983692e83b7313567a42e50d98a1c946fab554e32b77ef4d0f8bc0cc7f0dda196fd7e23b
- SSDEEP
  
  24576:jFFExk98EXl2uRJxjP3Gdv6QLtQ2MbRpn:Yxk98EXl2ixjP3Gdv6QLtdMf
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  bin/Monaco/vs/editor/editor.main.nls.de.js
- Size
  
  46KB
- MD5
  
  d1fd2fb756c73970b9c5e0ba07bff708
- SHA1
  
  470057b3244886dccc9f6074297cc8bc2a9c1b39
- SHA256
  
  cb1c3416ff242a738c45c3b2590d7d222b159a95a69ce3b7b8d7c8d18ea70828
- SHA512
  
  db2432182ff4c85fcca5093d0e433ed9cf5bed3ea3db9ed82fedc87af4d260e0d0f29ff67f0b8ac78e162586a74998ad082a91e8f9a76717827a83d5b2f775cf
- SSDEEP
  
  768:ocuLC1xYdRB1a3Xq1GdigBoQqAaI/QQUEYPxFpXT1kF7bJZYmz7lehjDWMQRBk3Z:oclxgVuXq1GdiRQqAaI/QvEYPxFpDkbg
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  bin/Monaco/vs/editor/editor.main.nls.es.js
- Size
  
  46KB
- MD5
  
  36f546b28ca17ece9f8eb9bcf8344e13
- SHA1
  
  d43934b9041587799e332b2f568aa81666227258
- SHA256
  
  327437ee3793e9ae0686c78196b459592c282ed2e86f95ce28d32693b76d7654
- SHA512
  
  13f8cc23038c07b6840514db4fc7b503b7a38ae1ec3baab44f1bfbded40ac50ae03c05c754f9678eecd0c8fcefab958152b39b731068b8c2c976c4c57e97f36d
- SSDEEP
  
  768:oX8nKFyVgAYwTQG8zHqIkGMvnmvoKA9OfxjB3EVuU13pjbazPn0ANy7+IkLDKPp9:oMKFyVRcdzHqIkGMvnmvoKA9OfxjB3E5
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  bin/Monaco/vs/editor/editor.main.nls.fr.js
- Size
  
  49KB
- MD5
  
  1a29080733878dd44e0c118e84cd0c39
- SHA1
  
  60c158e23962b11918f6cae26445fad5b63bc65a
- SHA256
  
  6ed837dc1905c06a20d102921ff06a0bda003c5368ed0576bf7e69494e889ae8
- SHA512
  
  5cc68cabb583100320d7c875fd7c46f5c618c3968ac2a7c2b60f90ec74b29349a557049c17d5c851cabb54d5ef26cd65e8d2288d70b62ede06ee1762e25dbd60
- SSDEEP
  
  768:op8flgb2uZ5CcXQ6Q3edz3uzATaY3l0y+wj90TWIvkU5BkREPTtOjNjZocYV3A4k:owliv5Ccg67SATaYVKPkRskjNGBAa3k
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  bin/Monaco/vs/editor/editor.main.nls.it.js
- Size
  
  48KB
- MD5
  
  18e88f58301ad5ae926204507ab99c6b
- SHA1
  
  8eb03235312e88b941f3be212c0efa12b24e6d5f
- SHA256
  
  4fe2c4420294758883e134bdf7da9e6c2abf631d3a89c765f32f6c1d0f62653c
- SHA512
  
  f66283ec4182e9062f9f03a83acb3f2a49b98fb9ef67e48eaf5227236919ca279831b822fcb3ae252cfeafd81d12fe9c89a2843d91ab140a2b79b6bbc1d4f013
- SSDEEP
  
  768:opTEy7izsuMa01VaiYR2L8XoXNj8YtvnYbP4ymMb3d/gyKJdnPTrysribj5K3m05:of7fQ2qd4yq2FA1J1qn4VN7CgL
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  bin/Monaco/vs/editor/editor.main.nls.ja.js
- Size
  
  52KB
- MD5
  
  3bf851cc70f515cbbe1d39da93e4f041
- SHA1
  
  88fe6323bbe14b55b6eec078574318e8474be613
- SHA256
  
  1f3556ea7233843b9e08b3c97b6727c533d702563e195c2090a438070dc85f0f
- SHA512
  
  61ffe9ec3550d2f8dfbc30d7d61327584833bb714a9d2cfc9788449190089dbdeaa293bb9921a43da782e1c36b7d242e13ac052b46210d2e79793626e921169d
- SSDEEP
  
  384:hyd/PwPtm+04LZ+FFHr0ZA9qOSTvvIEveG1vz14NdahWMpA1Uj4vHbX3IPDScLBV:olP4LsIOCaT3lJr/Tvk6892vU1ssD
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Suspicious use of NtSetInformationThreadHideFromDebugger

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32