General
-
Target
ChrоmеSеtuр.exe
-
Size
4.4MB
-
Sample
231106-l7cx8aad7v
-
MD5
c10aa9fa661b84bdc111d3ee98181cd5
-
SHA1
66fefa24ecf97301c65592ea129ffe72a6c66008
-
SHA256
1f3a9acdd1e56fd858186d389534419c1ac4dbb35f88cebe546b5ed09036d140
-
SHA512
940c7102670c1f18fb0b977154f7258043c96819fc4566ab7eeacc20b91a9af18f19e770f0bfcb43f88e358c88eb928e7542cf46c6eb14bbc8225539a2e6e1c0
-
SSDEEP
98304:zs0CjNvOX2zQtwChHwJx5CiGinzqs0CjNvOX2zQtwChHwJx5CiGinzK2:zsfjNC2z+woHa0in2sfjNC2z+woHa0iz
Malware Config
Targets
-
-
Target
ChrоmеSеtuр.exe
-
Size
4.4MB
-
MD5
c10aa9fa661b84bdc111d3ee98181cd5
-
SHA1
66fefa24ecf97301c65592ea129ffe72a6c66008
-
SHA256
1f3a9acdd1e56fd858186d389534419c1ac4dbb35f88cebe546b5ed09036d140
-
SHA512
940c7102670c1f18fb0b977154f7258043c96819fc4566ab7eeacc20b91a9af18f19e770f0bfcb43f88e358c88eb928e7542cf46c6eb14bbc8225539a2e6e1c0
-
SSDEEP
98304:zs0CjNvOX2zQtwChHwJx5CiGinzqs0CjNvOX2zQtwChHwJx5CiGinzK2:zsfjNC2z+woHa0in2sfjNC2z+woHa0iz
Score10/10-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-