General
-
Target
311bd3030d17b87bc8b78411e2b6e00c26be14a68e64818d749d449d85606d8a
-
Size
682KB
-
Sample
231106-sartfabh5v
-
MD5
d94aa78159582d4755da5eca190d5f0b
-
SHA1
b7b0bf1944cd655e7569f232a66cf80f050279e4
-
SHA256
311bd3030d17b87bc8b78411e2b6e00c26be14a68e64818d749d449d85606d8a
-
SHA512
6bc0d0d7ee97fee9f513c6a4955453aca498be1e7804c12583e1b783ea02f5bc265e69f3b99996faedeaa5a89af96a7335095905ce4ee32e7e23f54262b1d5ec
-
SSDEEP
12288:lJVt1918SuzpvriS0bhWTL6TpwU4AuwTT9LRPpE0mWvLEFjFwcAKGu6UG7KZ:lJVvwzpM0TwrFpE0TvoFjFwccu2K
Malware Config
Targets
-
-
Target
311bd3030d17b87bc8b78411e2b6e00c26be14a68e64818d749d449d85606d8a
-
Size
682KB
-
MD5
d94aa78159582d4755da5eca190d5f0b
-
SHA1
b7b0bf1944cd655e7569f232a66cf80f050279e4
-
SHA256
311bd3030d17b87bc8b78411e2b6e00c26be14a68e64818d749d449d85606d8a
-
SHA512
6bc0d0d7ee97fee9f513c6a4955453aca498be1e7804c12583e1b783ea02f5bc265e69f3b99996faedeaa5a89af96a7335095905ce4ee32e7e23f54262b1d5ec
-
SSDEEP
12288:lJVt1918SuzpvriS0bhWTL6TpwU4AuwTT9LRPpE0mWvLEFjFwcAKGu6UG7KZ:lJVvwzpM0TwrFpE0TvoFjFwccu2K
Score10/10-
Detect ZGRat V1
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
ZGRat
ZGRat is remote access trojan written in C#.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-