General

  • Target

    DJI+Assistant+2+For+Mavic+2.0.14.exe

  • Size

    220.9MB

  • Sample

    241217-tm7k4aspb1

  • MD5

    5ed21360de855550b5d76fd3b58a0d9c

  • SHA1

    8ec79d60dc65fa62d28fc34a0d729cfc5b58968b

  • SHA256

    d5df2d8ea45e881670a9b723a495363fb198700a60b47cba5507bf1164e14698

  • SHA512

    659b3d430259e13ae26422b3c79ba5cc1a41e319f690a9947b310e073260f21204432a5ad752e615146a338ef9d6f26eac78fa9418e73451cbb7fbbffdbfd6d7

  • SSDEEP

    6291456:9Zd82MdKKBxeHHR6z9PXGGYt4+mfRci0DkkCc78LE:9VMdvBxeHoJXGftPj8g

Malware Config

Targets

    • Zebrocy

      Zebrocy is a backdoor created by the Sofacy threat group; it has multiple variants developed in different languages.

    • Zebrocy Go Variant

    • Zebrocy family

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks