General
- Target: 392b296594fa52c9dea628b9ef2cc329
- Size: 84KB
- Sample: 231205-wht6baea87
- MD5: 392b296594fa52c9dea628b9ef2cc329
- SHA1: da9a2369edc6a2ffe6993f1447dfc35b3739b1b6
- SHA256: 248cea4d239e6f36af672ced25e973dfceed1f14ab4c01512304af4b30493654
- SHA512: 15fc28abf25c3523055d1ad96dfb7581e913caf19f634b766884799bd7b0820430edfb5f205c13b3e8f2f5f9fb3f0099dcd4a14a32db2040f8494cf4a7260d37
- SSDEEP: 1536:ojCb9I1CLAsUPqqOwCzMzmwuKy1REzUWTjaxqOws1z7k5HJgIdWrv08xc4L0c9bJ:osxJqUwupEzPjaxSt5HJsv0Gc4tjm0v
Static task
- static1

Behavioral tasks
- behavioral1: stodio.bat (resource: win7-20231020-en)
- behavioral2: stodio.bat (resource: win10v2004-20231130-en)
- behavioral3: stodio.ps1 (resource: win7-20231201-en)
- behavioral4: stodio.ps1 (resource: win10v2004-20231130-en)
- behavioral5: stodio.vbs (resource: win7-20231201-en)
- behavioral6: stodio.vbs (resource: win10v2004-20231130-en)
- behavioral7: zilla.bat (resource: win7-20231130-en)
- behavioral8: zilla.bat (resource: win10v2004-20231127-en)
- behavioral9: zilla.ps1 (resource: win7-20231023-en)
- behavioral10: zilla.ps1 (resource: win10v2004-20231127-en)
- behavioral11: zilla.vbs (resource: win7-20231023-en)
- behavioral12: zilla.vbs (resource: win10v2004-20231127-en)
Malware Config
Extracted
- Family: asyncrat
- 3LOSH RAT
- Default
- C2: milan.giize.com:6606
- C2: milan.giize.com:7707
- C2: milan.giize.com:8808
- Mutex: AsyncMutex_alocvfxxsh
- delay: 3
- install: false
- install_folder: %AppData%
Targets

Target: stodio.bat
- Size: 240B
- MD5: eb7ab095198f2ac4bfce548fa5768f0a
- SHA1: b2dfb2748f62fb6e9a4ea1318d1a0349abf7bafe
- SHA256: 0ee0bc61ef4263ca51688526a68cfe9a18dcb665b83fe7c61fbf03624804cc91
- SHA512: 9a61567e119ee5f425d41a7ac93097de5094b1c955ee8d845a3384800629658ec979660d36c366dbc620906b4444ca4f80262dcd634bb8b7e9a58ba71e015170
- Score: 1/10
Target: stodio.ps1
- Size: 310KB
- MD5: c93f2c6a2d7b7d714dafbe4033ba4dae
- SHA1: 7514e448bee6b3b4713624aed026eaab6d6824b0
- SHA256: 4a1d4326c45e7b93433aa2c29d3f892a80b80daa1a4338563ac25948daf14a5a
- SHA512: 173f180380c8120698cb695c21ef8b6589a29c73b899d1c0f8a5de5cc5d271ea23f41d09f920252a6ee889fe047e08d1d68600b204a8c128aa167fa01ec08cc6
- SSDEEP: 3072:L/GY5RnWnB2PhGx2WyA+P00/QkkilGeANm7LEFkMW8G:bGr2PhGx2WyA+P00/QkkilGw3ykMW8G
- Signatures:
  - Detect ZGRat V1
  - Async RAT payload
  - Suspicious use of SetThreadContext
Target: stodio.vbs
- Size: 2KB
- MD5: 08013d5a23f8a6a47543e55260992e13
- SHA1: e15610a3f106ea4be584f805a02441af4026316b
- SHA256: fe26ba12a9ed10bc5d59ca5f186e66302482a69019d21fef8b1f2635942593a5
- SHA512: 244b57a0bf339e536b5593492686631e492ce6eb54d4586305eefe44af28ea25a33d9f2efa28293545cd3d0997ad40af4fa8301cc2669c86fb012e0bdb39f1eb
- Score: 7/10
- Signatures:
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Target: zilla.bat
- Size: 239B
- MD5: fdfe802abefe653f23aeedf7762fa12a
- SHA1: f5b98a87c74c2919b9e27871ea8b4c2ce8acfad2
- SHA256: af3c368631fb276e5e2e97d082d0b1222ed0db7d327fc699f35106e071c7f33d
- SHA512: 97ab620c439f3c715788a59925c00d224d47d06a5d7eec1786d6bcb0d66523532cadef9703a0488a597fdae6bf14e1817f0678bff7b824282f7ff70b6920e217
- Score: 1/10
Target: zilla.ps1
- Size: 744B
- MD5: 89024005b401a02787ce1980f13059a8
- SHA1: 9b125feeff3bdaf16b37c2ca61fc306e78185838
- SHA256: 545cdf22eedf39ddfdd534b8cda7334209cf1ad0aecfe6980abceb257c07f04a
- SHA512: c218029ce274da66a429ddd1f52b6076f0075ed91cb0d2700e19e0e63c6e70d097b27ddba1e2c6cb0e1c67d9ed85c036b74f2005ed09252adba28784db9fde56
- Score: 1/10
Target: zilla.vbs
- Size: 272B
- MD5: 695adf66be87c67eef4fde2414284e5e
- SHA1: 16b035af8a91298c4c59d21b05d6f9765d207bd8
- SHA256: 0d80d671ef5e4405539c5d74f25e8bbccacf14237500f475e12fc2408bd87d89
- SHA512: fed573f9b868fcd35ad6e2a524ad81579596e2546adee7b9570b61836de92e961de737feb00652fc5093375c936373e89cca21a70cf48f20b66ea3dadd82bed7
- Score: 7/10
- Signatures:
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.