Resubmissions

01/11/2023, 15:11

231101-sky1haab5w 7

31/10/2023, 15:15

231031-sndtqsac5x 10

General

  • Target

    Voice.ai-Downloader-alphaver-9a8076101605478c95f602b0ba1e61b7.exe

  • Size

    476KB

  • Sample

    231031-sndtqsac5x

  • MD5

    b8162dccc95c2ed40a3fd946dd127242

  • SHA1

    27899142d055dcce7ad3288028c8e3187421275c

  • SHA256

    23ecba0be777d9b7a5683d0939d9ae17c4427c46e51ff959e91785d83c60efd1

  • SHA512

    51eef114974531407df6e04af725855293db7e5bdd2e311af5b14dcbef70de9759ae00fa1c17bb72351697fb8d8cf163a1072e957430d33ca90dffeadf0eefbb

  • SSDEEP

    3072:AkBGWOsTIJgIDU5A/cto68pMABlZQ2wpFD0ravSGKBUGYDxJ0y5t8:A1ssjn5Mp2w7g+VKvSA

Malware Config

Targets

    • Target

      Voice.ai-Downloader-alphaver-9a8076101605478c95f602b0ba1e61b7.exe

    • Size

      476KB

    • MD5

      b8162dccc95c2ed40a3fd946dd127242

    • SHA1

      27899142d055dcce7ad3288028c8e3187421275c

    • SHA256

      23ecba0be777d9b7a5683d0939d9ae17c4427c46e51ff959e91785d83c60efd1

    • SHA512

      51eef114974531407df6e04af725855293db7e5bdd2e311af5b14dcbef70de9759ae00fa1c17bb72351697fb8d8cf163a1072e957430d33ca90dffeadf0eefbb

    • SSDEEP

      3072:AkBGWOsTIJgIDU5A/cto68pMABlZQ2wpFD0ravSGKBUGYDxJ0y5t8:A1ssjn5Mp2w7g+VKvSA

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks