General
Target: 18c04e1e7011010cc0cf983dda84804c03bb1de35adff177614f6a4d537f5e6d
Size: 5KB
Sample: 231124-hp5nqsgc95
MD5: a25afcfcab5014e3b1c1d00be2ed1c98
SHA1: 33b01c0c85791e70deab178c307b976856a53f17
SHA256: 18c04e1e7011010cc0cf983dda84804c03bb1de35adff177614f6a4d537f5e6d
SHA512: 2a90d06ffd8b9dc086ab5000ba988a66b532ef0918e7e4b24fda564af5b1a1c4ff4bf2243f2bea986ae81272a8868401996aafcc3576e624e721e0d34466410e
SSDEEP: 96:679SSCFyRr8n5NzVTq48w/rt4x1d3oj8rl:c9SZFm85NzVTT8w/rU1dV
Static task: static1
Behavioral task: behavioral1
Sample: 18c04e1e7011010cc0cf983dda84804c03bb1de35adff177614f6a4d537f5e6d.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: MicrosoftEdge
C2: 46.1.103.69:9371
Mutex: MicrosoftEdge
delay: 3
install: false
install_file: MicrosoftEdge
install_folder: %AppData%
Targets
Target: 18c04e1e7011010cc0cf983dda84804c03bb1de35adff177614f6a4d537f5e6d
Size: 5KB
MD5: a25afcfcab5014e3b1c1d00be2ed1c98
SHA1: 33b01c0c85791e70deab178c307b976856a53f17
SHA256: 18c04e1e7011010cc0cf983dda84804c03bb1de35adff177614f6a4d537f5e6d
SHA512: 2a90d06ffd8b9dc086ab5000ba988a66b532ef0918e7e4b24fda564af5b1a1c4ff4bf2243f2bea986ae81272a8868401996aafcc3576e624e721e0d34466410e
SSDEEP: 96:679SSCFyRr8n5NzVTq48w/rt4x1d3oj8rl:c9SZFm85NzVTT8w/rU1dV
Score: 10/10
Signatures:
- Detect ZGRat V1
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
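The indicators above (sample hashes, the C2 endpoint from the extracted config, the install_file/install_folder pair, and the country-code registry lookup behind "Checks computer location settings") are the pieces a responder would turn into a hunt. The script below is an added example, not part of this report, that matches those indicators against newline-delimited JSON telemetry. The event schema (`type`, `image`, `hashes`, `dst_ip`, `dst_port`, `path`, `key`, `op`) is a hypothetical EDR export, the sample events are constructed, and the registry value checked (`HKCU\Control Panel\International\Geo\Nation`) is an assumption, since the report names the behaviour but not the key.

```python
import json

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "a25afcfcab5014e3b1c1d00be2ed1c98",
    "sha1": "33b01c0c85791e70deab178c307b976856a53f17",
    "sha256": "18c04e1e7011010cc0cf983dda84804c03bb1de35adff177614f6a4d537f5e6d",
}
C2_HOST, C2_PORT = "46.1.103.69", 9371
INSTALL_FILE = "MicrosoftEdge"  # config install_file; install=false in this build, so
                                # this path is a watch item for the same build with install on

# Assumption (not stated on the page): the country-code value the sandbox saw being
# read is the per-user HKCU\Control Panel\International\Geo\Nation.
GEO_NATION_SUFFIX = "\\control panel\\international\\geo\\nation"


def parse_hashes(field):
    """Parse a Sysmon-style 'MD5=...,SHA256=...' string into {'md5': ..., 'sha256': ...}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def match_event(evt):
    """Return the list of report indicators that this single event matches."""
    reasons = []
    kind = evt.get("type")
    if kind == "process":
        seen = parse_hashes(evt.get("hashes", ""))
        for algo, value in IOC_HASHES.items():
            if seen.get(algo) == value:
                reasons.append(f"image {algo} matches sample")
                break
    elif kind == "network":
        if evt.get("dst_ip") == C2_HOST and int(evt.get("dst_port", 0)) == C2_PORT:
            reasons.append(f"outbound to AsyncRAT C2 {C2_HOST}:{C2_PORT}")
    elif kind == "file":
        path = evt.get("path", "").lower()
        if "\\appdata\\roaming\\" in path and path.endswith(f"\\{INSTALL_FILE.lower()}.exe"):
            reasons.append("install_file written under %AppData%")
    elif kind == "registry" and evt.get("op") == "read":
        if evt.get("key", "").lower().endswith(GEO_NATION_SUFFIX):
            reasons.append("country code lookup (Geo\\Nation), possible geofence")
    return reasons


def hunt(json_lines):
    """Run match_event over newline-delimited JSON; return (image, reasons) for each hit."""
    hits = []
    for line in json_lines.splitlines():
        if not line.strip():
            continue
        evt = json.loads(line)
        reasons = match_event(evt)
        if reasons:
            hits.append((evt.get("image"), reasons))
    return hits


# Constructed telemetry (not from the report): four events that should match and one
# benign svchost connection that should not.
SAMPLE = "\n".join(json.dumps(e) for e in [
    {"type": "process", "image": "C:\\Users\\lab\\Downloads\\sample.exe",
     "hashes": "MD5=A25AFCFCAB5014E3B1C1D00BE2ED1C98,"
               "SHA256=18C04E1E7011010CC0CF983DDA84804C03BB1DE35ADFF177614F6A4D537F5E6D"},
    {"type": "registry", "op": "read", "image": "C:\\Users\\lab\\Downloads\\sample.exe",
     "key": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001"
            "\\Control Panel\\International\\Geo\\Nation"},
    {"type": "network", "image": "C:\\Users\\lab\\Downloads\\sample.exe",
     "dst_ip": "46.1.103.69", "dst_port": 9371},
    {"type": "network", "image": "C:\\Windows\\System32\\svchost.exe",
     "dst_ip": "192.0.2.10", "dst_port": 443},
    {"type": "file", "image": "C:\\Users\\lab\\Downloads\\sample.exe",
     "path": "C:\\Users\\lab\\AppData\\Roaming\\MicrosoftEdge.exe"},
])

if __name__ == "__main__":
    for image, reasons in hunt(SAMPLE):
        print(image, "->", "; ".join(reasons))
```

Hash comparison is case-insensitive because EDR exports differ in casing; the C2 match requires both IP and port, since 46.1.103.69 on another port is not evidence of this config. Note that Sysmon itself does not log registry reads, so the `registry`/`read` event here presumes telemetry from a tool that does.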