Zharkbot Strings
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
Zharkbot is a C++ downloader with extensive anti-analysis and anti-sandbox features. It uses inline string encryption and inline API calls, which makes both static analysis and emulation difficult. The malware detects sandboxes by checking for specific usernames and for hypervisors. It installs itself in the TEMP directory as 'explert.exe' and establishes persistence through the RunOnce registry key. Zharkbot builds its C2 data and communicates with the server at solutionhub.cc:443/socket/. The analysis identifies the malware's build version as 1.2.5B and describes its installation, persistence, and network communication methods.
OPENCTI LABELS:
amadey,downloader,anti-analysis,persistence,zharkbot,string encryption,c2 communication,anti-sandbox
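The summary names three host and network artifacts a defender can hunt for: the install path in TEMP, the RunOnce persistence entry, and the C2 endpoint. The following is an added triage example written for this page; it is not code from the OpenCTI record or from the underlying report. It runs the three checks over constructed sample data (not real telemetry). The summary does not state which registry hive holds the RunOnce value, so the check matches on the trailing key name only, and the HKCU path in the sample is an assumption.

```python
"""Added example (not from the OpenCTI record or the original report).

Checks constructed host artifacts against the Zharkbot indicators given in
the summary: install name 'explert.exe' in TEMP, a RunOnce persistence
value, and the C2 endpoint solutionhub.cc:443/socket/.
"""
from dataclasses import dataclass

# Indicators taken directly from the summary on this page.
INSTALL_NAME = "explert.exe"
C2_HOST = "solutionhub.cc"
C2_PORT = 443
C2_PATH = "/socket/"


@dataclass
class Finding:
    kind: str    # "persistence", "install_path" or "c2"
    detail: str  # the artifact that matched


def check_runonce(entries):
    """entries: iterable of (key_path, value_name, command).

    Flags RunOnce values whose command references the install name. The
    summary does not give the full hive/path, so only a key ending in
    '\\RunOnce' is matched (assumption)."""
    out = []
    for key, name, cmd in entries:
        key_l = key.lower().rstrip("\\")
        if key_l.endswith("\\runonce") and INSTALL_NAME in cmd.lower():
            out.append(Finding("persistence", f"{key}\\{name} -> {cmd}"))
    return out


def check_processes(image_paths):
    """image_paths: iterable of executable paths (e.g. from a process list).

    Flags the install name when it runs from a directory named TEMP."""
    out = []
    for path in image_paths:
        p = path.lower()
        if p.endswith("\\" + INSTALL_NAME) and "\\temp\\" in p:
            out.append(Finding("install_path", path))
    return out


def check_network(connections):
    """connections: iterable of (host, port, url_path).

    Flags the C2 endpoint named in the summary; host, port and path must
    all match so unrelated traffic to the same host on another port is
    not reported."""
    out = []
    for host, port, path in connections:
        if host.lower() == C2_HOST and port == C2_PORT and path.startswith(C2_PATH):
            out.append(Finding("c2", f"{host}:{port}{path}"))
    return out


def triage(runonce_entries, image_paths, connections):
    """Run all three checks and return the combined list of findings."""
    return (check_runonce(runonce_entries)
            + check_processes(image_paths)
            + check_network(connections))


# Constructed sample data for the demo (not real telemetry). The HKCU
# RunOnce path is an assumption; the summary only says "RunOnce".
SAMPLE_RUNONCE = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce", "explert",
     r"C:\Users\alice\AppData\Local\Temp\explert.exe"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SomeAgent",
     r"C:\Program Files\SomeAgent\agent.exe"),
]
SAMPLE_PROCS = [
    r"C:\Users\alice\AppData\Local\Temp\explert.exe",
    r"C:\Windows\System32\svchost.exe",
]
SAMPLE_CONNS = [
    ("solutionhub.cc", 443, "/socket/"),
    ("update.example.net", 443, "/v1/"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_RUNONCE, SAMPLE_PROCS, SAMPLE_CONNS):
        print(f"[{f.kind}] {f.detail}")
```

In practice the three inputs would come from a registry export, a process listing and proxy or DNS logs; the checks are kept as separate functions so each can be wired to whichever data source is available.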