General

  • Target

    CZK PNG V4.1 (1).zip

  • Size

    151KB

  • Sample

    250120-zpbjbsymes

  • MD5

    2023c9e700ebc8291f6f288265dbd6f0

  • SHA1

    286911deb24e979cffeb1d7e7cfdb4e2e47ed69b

  • SHA256

    7cb8b47e91775deac874e423a7a5866c53ebfcda925afb1f2aebde50e8296ecf

  • SHA512

    e7e7095adcd1b59d80bc55857202fb6a921c7951a5e231f8cb9e85739bfe56cf7d4b83511d23e48c5996e5bf6d438d9cffede2ae826f4b8ef6d140c32f46f7bc

  • SSDEEP

    3072:h/4cOxEWEzRTRwDNbMbajoPhi++lUJ58qCN7/6oHU6pe:hAB5E3U5qc++ldQsXpe

Malware Config

Targets

    • Target

      CZK PNG V4.1 (1).zip

    • Size

      151KB

    • MD5

      2023c9e700ebc8291f6f288265dbd6f0

    • SHA1

      286911deb24e979cffeb1d7e7cfdb4e2e47ed69b

    • SHA256

      7cb8b47e91775deac874e423a7a5866c53ebfcda925afb1f2aebde50e8296ecf

    • SHA512

      e7e7095adcd1b59d80bc55857202fb6a921c7951a5e231f8cb9e85739bfe56cf7d4b83511d23e48c5996e5bf6d438d9cffede2ae826f4b8ef6d140c32f46f7bc

    • SSDEEP

      3072:h/4cOxEWEzRTRwDNbMbajoPhi++lUJ58qCN7/6oHU6pe:hAB5E3U5qc++ldQsXpe

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

    • Target

      CZK PNG V4/ExecutorIcon/Attach.png

    • Size

      10KB

    • MD5

      e26f8f0009140c1ed3f8ec808cc1d232

    • SHA1

      e8e2dac5af9356039e7a678a2f19d6631ee56b69

    • SHA256

      5213bec921212ec60d586dd75147e26f618289b2bc4f5a162190d79a5c2ed78d

    • SHA512

      37b0f6fd54d4d9842443972c7f31e37c2745d66ac0b3001853ef5c07a9f4d753fd3efd4c0beb0084ee26481de29fdafcdd6764667e5bbd17692c1d678c7ac829

    • SSDEEP

      192:yDOGyn7uIdPLzZygLqdxA9/a760yJhvKaGyxZ8Xkuq8jyGCq31bD142:yDOXn71zZjwIXJxKaGywXVZ3hD1Z

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/Clear.png

    • Size

      7KB

    • MD5

      b2376cbef1fd55501fcb51ac8b778d55

    • SHA1

      3ebe7b1854b30176157d80e3e44cb2c1a8190bbf

    • SHA256

      2c422126e5498f2af48f8a764b9972cd9763756f0696ebd28f95737d44eb6da8

    • SHA512

      a8a8a2240483e4ab9fb2ed69e0bd6b984be621d6026fc9424ea3c460712f336056e1f4da48b475eed36c46c37e13ceeb11f07efc2d8d8cb97d207d865e845ec5

    • SSDEEP

      192:6VvMn8te92PneyeduUkG+ygFJnqgzjed7DIeGDp9mmD5tz:N8te98NeXKFz8PGDp9lXz

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/EDITOR.png

    • Size

      12KB

    • MD5

      9f841cc3f270a5267e237989a7809f4c

    • SHA1

      de233a86414cc58210c5ea4c534c46d5d89df028

    • SHA256

      c05c7db4337dc6543de03c0b0fdcfb3b5b0169b2f1ebd8d31c33378613c82344

    • SHA512

      cefc3297e710c7d5e0dcc9d1681e7f3ea05a9a73e990e4602fb789936415d3c4783503fc7ff013cfbfcb650a0f7666d2b549d9cd7c8b5de1396c53946817bffe

    • SSDEEP

      384:Chsh3dY2zBIex2utipd5bM0Ul9rC/mKkMp:XY2Xs/DULrC/dp

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/ScriptHub.png

    • Size

      7KB

    • MD5

      1386cbdf2fb35edf22e24ea15e86b7ab

    • SHA1

      93dc1bd173c84c49ca510769ee225660238940f5

    • SHA256

      0f6a20838eaac8708a91bdc5046139a2aebe24969162eee2fe69fa9493cc388a

    • SHA512

      f54151f6e06fda2737f23e89ef4ddc6559641fff372694156e3e7e7c2a45edb76b5edf9085a1b9cae4f77b7eb3cb757f7de8076c1e8571d9692f64523808d079

    • SSDEEP

      192:WGH4WLr0sQPYJ3jB9A9hhtLSJ15Eivjn86Z1:WA4WzQPYJ3N4hHLc15Tjnv

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/close.png

    • Size

      9KB

    • MD5

      53c3c410ade7710b84ca42fe28b42923

    • SHA1

      a75ffca2b6456e376819ce5c9249914bbfa82beb

    • SHA256

      b360d5b957c7306f0152330e32b2607f3722e94ad3df0c768841ef92f888ede0

    • SHA512

      f03c2ef8aea5644f4aa1db78c1bba506b029fe4fcb445d19c7ea191230992635c84915cec77bdeee0d3a8ca54e423d399270d7e16282335e8388aee7ecf21e26

    • SSDEEP

      192:5//6sF6PRZjmJqlqzpm8/BfH2lKhGyxu7j6TCu1JVUOGZVf0cbpltEVo:5DFSRYJdpmufK8xuv6TC7FZVfXlJ

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/discord.png

    • Size

      13KB

    • MD5

      d3a17076b3913ba3afb5abb9305ac9e2

    • SHA1

      0efbed74f764bd6998ac00f303c058b4d94b5459

    • SHA256

      fe6d2e8252a8c5c43777ff15d63d44e9896789d9f9189cf21fbc9f5144dc338c

    • SHA512

      ad82298d2e935f4a44b699060e01a608fc265f440e938a57f77b97506614e0e97a55ef24e02feb5c3e4f694921c249b0088fdc1bd47ef606443e949df5c6be35

    • SSDEEP

      384:M5b3tYeDHqPo5xvJHYB/h1XBDrYSFWizxCG:M9JuPmxvtYB/fy0WizxCG

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/diskette.png

    • Size

      6KB

    • MD5

      93a4a25dae56c3a04e34748ffcc6533c

    • SHA1

      2bc9a1d1671885d62a7372e4b8321912493c772f

    • SHA256

      72d29d352236619197801b82decd665e76fcd492b3fd1a54b4bd537374c9997c

    • SHA512

      5d3627131f089ebceb21095c3b4f11520e6715aac20244d789cd166f9ba71c0d472b5d651e5868ae12833cbb39942825186749c6366b1ddf9a48ee7811304bad

    • SSDEEP

      192:2tpheMFcSHj9Xi7q/sCVeSrqmaVDwVegKy:23etSHBGEeSrqmaVDwVegKy

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/enter.png

    • Size

      1KB

    • MD5

      a6968adb16a687bd0831b3400768cb77

    • SHA1

      b94d759ca16831412fef952420356c217ea35f11

    • SHA256

      fa18aa05ea4ed136480863c7e4c9386b59ce1fa509561156f26e908fb0acfbcb

    • SHA512

      564ae1f9788c85b3dd5607962c440372a3fc5fa8cd9693a3aa8b8d542e1a1b57a7ee98e0fddb2ea3926afde6fd19210b227780ad6ff8d39fccf79358319fd9a7

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/folder.png

    • Size

      7KB

    • MD5

      28816109fc9764084578584b0c2580d8

    • SHA1

      b14161afd805b142518004f9513ad93651a69f55

    • SHA256

      7de9d45165cd82958d9f9b97e9431097f6b89ef3182ccd9fff56fa71da354e8b

    • SHA512

      b99efc6a7c56821c9fe5644654a24c3e68060c2661a68320b4ca993b30b8d1aaf722ac03554608db13cc6652b859ba004889c973c4a5771da3a20582174b0449

    • SSDEEP

      96:qi4rGT3yzDcy2ZhQ2IhkSlbe+jwrSduOTSItu/Old8NYZFf2AEKcAQR2gX1neYrp:7ezF+hOBe+UWuO18qUYv2A9cZpp6Q

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/inject.png

    • Size

      3KB

    • MD5

      978c090eb395756fbef4bc65ab90c6a8

    • SHA1

      004cb48add9833648406258977768876d3c16311

    • SHA256

      7597968e7381ea3ddfc7de519e84072e15eecc155050cb90c7e4736bbae30b99

    • SHA512

      8e350bfc118f5c32052d538ec9e4dea4f15e7e306df0527e55e7d041581f400c1dafc6f2b4d6cbc565c46fde49b5e87b6acdcfbbd72322896887e7adb8c88a84

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/minimize.png

    • Size

      6KB

    • MD5

      c5047b00b790dae13f727c3b23e7100e

    • SHA1

      464fab9e22bc1901e163ae7ea1c2c30c3ef17804

    • SHA256

      3cd3f38940cde0c460bedc0722899c4bedc58d0d9c841b0cdae6560c62696cae

    • SHA512

      ab0cf11cb475b18e6d2100f53e9d3db09286084764671b99e24291ae22732604a68d6ae12353381c6a196999e86b4957170999dd9115e5fc6536283c0fd1a650

    • SSDEEP

      96:C6rDvFgn98biMDgSFZBgwQLWAIzOFLNHYAejeQyueE37O8mpz/QX5hMjDd3zF:C6/vEqNFZkLW1+LN4AIyOIU7MjRJ

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/play-button-arrowhead.png

    • Size

      8KB

    • MD5

      2e17116cb41808de55696f89fa6a075c

    • SHA1

      0ee9d82f83c85ed836755dd5edf61e5de1aab1e9

    • SHA256

      08575fbbd40d3cd9cd835d7dce8d05505de6ec456fc5d939b9cbf9f25ee3f024

    • SHA512

      183ff983a70c32eae7780df64d947970c3e869dadbce552bb244cda20d692918f92317445f5aba72e3f46d8c3dd3d3ef2e8d9d75993924899051bf5657824c12

    • SSDEEP

      192:SPvH0TVLidz53gpaXFeITFi76iFOBcIHi4mQ/wod/648u9:Sn0TlQJgpaXFeITFiGW4cIC49Aru9

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/setting.png

    • Size

      12KB

    • MD5

      a4e09a5952a7c7b7f58a7194b2e5dd76

    • SHA1

      aa323e8d66e4b996acaec377238497cc4662d3c1

    • SHA256

      5baa59915f40b19b2d1c6f449c194561d4853ea642aa96524fbfe38779c97f8d

    • SHA512

      e1e39881fb711661d9b46a97f6834b228edcfa8f2cc699acb91f11bf7d8ad2d28c6e9e4220425c902457f29c75c90287eb8100f0a5c677e864f8f6a5f3167099

    • SSDEEP

      384:+cdN/Pz+7F72rRASQ/ecyuFbC9YJ+cBDvROOq2Ger:Bddr+7F72rMcwnpZOOaer

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/sign-out.png

    • Size

      1KB

    • MD5

      eb1deda9a13e32eafe471c91afe199b1

    • SHA1

      26b2395bda74be3bcdaca365cc73bc88e1bbff21

    • SHA256

      fb9b679cfc895a9235f34731e288d663fa894e4bd5c29aa018e6426ae4c5da0e

    • SHA512

      f938ae730e7a26395e22f9c198c91dc520852ac9d52a615c7defe763d4c10f837d03e723793d0b5388088feb963fd242229a80b1965d59576dde5e9f5060d734

    • Score

      3/10

    • Target

      CZK PNG V4/ExecutorIcon/youtube.png

    • Size

      12KB

    • MD5

      d47c0da6a2aecf5d7f02097d8786d136

    • SHA1

      2a643652b096be690a856c7c39bfaad73024f69b

    • SHA256

      9a9f7495f195203445a790599e1a60f74a74721821d37004c67c3ac7cf2d2710

    • SHA512

      04f9372d1443cd6eb2e133f27f8df275cf90d7a7e242d5cef063cd1173b1a4f2070ddb3d3e5ef789862b565b4493c04766b102bed6109a0b54379381698b1f6a

    • SSDEEP

      384:A9ml995M+nxOUFtxUpgg87gnnRssJpVcsr:A9mv95V3s/87g3JQsr

    • Score

      3/10

    • Target

      CZK PNG V4/Misc/EMAIL.png

    • Size

      10KB

    • MD5

      a932577aae1fbbf688568b6b585298c6

    • SHA1

      1d9cbb72cf324a29af481047e0f47d0a082f1a5e

    • SHA256

      0005593134c48f78698af025cb140f8c3578417e9ad7af3741e4eb980fe327cc

    • SHA512

      27cdd23a9b501e9e38d55cdee3790b5ba9a8c20adff9e990cc6fe9aa0cd01fa04c0edeadb144728fa9b5e4eedd65493af24927dd68394aa9b479c105516c91e3

    • SSDEEP

      192:AsgHWqo4Umm/zli36IO7MZz9DWpT6yQIfkBVaAEmVUBsnpcYFOFB2n:AsTdmmb0tXYN/Bsn1OB2n

    • Score

      3/10

    • Target

      CZK PNG V4/Misc/ERROR LOGO.png

    • Size

      11KB

    • MD5

      1f04feb07d1feadc4d3567b9a5d69cd1

    • SHA1

      a61d6a179739a803d02f57cf8e115f672074462c

    • SHA256

      fc8d4f74811b2961364b37ed618bb3adc3c462519bf399846c06c20aa2efac43

    • SHA512

      d2a601e3548436e1b74af2d905530f542221cab964b6521ce57f1408b82d5a0a4ff738b1caadb5a85fa1abd974778a4b674b0a75d8f520add42986335a745d55

    • SSDEEP

      192:O7H+fzsTuKyuZbXbTiDPQyMjNfINJDH3PFgtsELkMP7TsuMCl9eDGyr58IaI7:O7++uHkTh5NC322nkTiDh8IaI7

    • Score

      3/10

    • Target

      CZK PNG V4/Misc/PASSWORD.png

    • Size

      10KB

    • MD5

      266bd01d6a02f012518fcd83d1ad460e

    • SHA1

      62ac3a4602647fb92735a49af2031b0e8ecb9598

    • SHA256

      9ad925e296c1cabf3ef7b9ef4a5757fe2cdc00e31ffeb95ee97cc598dba358f4

    • SHA512

      a409651a0e6da166a0d47bf56313da0d4505b095cfbee87b9ca1f97e93a742f674d0359903aba21b6f19f443dfaa24ea795fd89a43992f3b2bcc17c75b93794c

    • SSDEEP

      192:xt99JV9W+djJOxyrF+OhOrKA1f7jN8BQV3u:xt/xHMixU2A1f7yQE

    • Score

      3/10

    • Target

      CZK PNG V4/Misc/left-arrow.png

    • Size

      6KB

    • MD5

      44b3def1c180f86513852a070f45a2cf

    • SHA1

      250a4111580151d3cc620470f1e690ab31389ba3

    • SHA256

      e531773e1bbd91e60ef2a133daae404d67ff5e30b6912227464ccc5b4b3aefb2

    • SHA512

      41df92ad60124aa51c811989b8ce8a1d760aaad63b511b18e419efe72b4564762ae8574d1ccca73f29ec9b438fa5664a2c56908a7e8f817f887734c2c4511cf1

    • SSDEEP

      192:TUUmbOWMPjgxv/GR12hYW5cN4fUzQFOlTEe:TUUmb+MF/Gf2hYCcefUYIEe

    • Score

      3/10

    • Target

      CZK PNG V4/Misc/right-arrow.png

    • Size

      6KB

    • MD5

      e536513499085df876aac21ecebf54c9

    • SHA1

      2b0d32cf20d4e3a0d735336dcac9ba5f47c02115

    • SHA256

      158621a14a35385ebd5827f77e703a71431558ecbee42baa84a2ba00eb39f563

    • SHA512

      44541eba4dec507a2a80f0a402eab7a284f71f751ad3d10c1cafc97475a5bd32c3e81bd62c5cd4af0824dd4170ff437e529a74843de31e91da4dbe386fa733f7

    • SSDEEP

      96:Ab5ldDwVeYSpyBiNJgRZtfMVcm5jXImZlcaNyj1oWByAN5tda+4BAmK1lVkbR2yr:q6YNJWfMVDXV/c1oGLP4W1Xj2v

    • Score

      3/10

    • Target

      CZK PNG V4/desktop.ini

    • Size

      54B

    • MD5

      df164dbc708ca05255b2f86deddddc7e

    • SHA1

      2c5a1c402b81087cd11ef0bab2e91dbb9f9ccba7

    • SHA256

      0dd430f1aba8913a047f617540ca952c0ae3b25d438de77a8f743fb762fd6fb7

    • SHA512

      742a08578c078f0f8229e326d9c32550b7bd56eac5ec9d812427121952d57419fef001b4a7b3d312fc32357136aa85e6db089d15fc063853f248ac5e41af27b0

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks