General
Target: e593bbbea1e480fdd8018bdaf481ef9f76f6b7c8cf783603164633bb0f8b2979
Size: 5KB
Sample: 231208-h3jcnahg34
MD5: 35beb6bfc19b4f3f1a0163f52870394a
SHA1: 211362d1784343a46988ca4eae79bb6d99d68d0b
SHA256: e593bbbea1e480fdd8018bdaf481ef9f76f6b7c8cf783603164633bb0f8b2979
SHA512: bd4dc84de924069bf0adc12136badba67c89af49bbe1692631f25c674bce0f2e33c49820f72da019b0a28fe5ab646a438371458ddfe3ddde722b7438f0c86b77
SSDEEP: 96:Ende79bSCbn4KLZDe5RuNDZPgDtENtUqwUNGOuKGd3ojfrl:WO9bZbn4KLZD+0NDZcSNtUqwUgiGdS
Static task
static1
Malware Config
Extracted
asyncrat
0.5.7B
Winlozb
46.1.103.124:2341
Winlozb
delay: 3
install: false
install_file: Winlogzb
install_folder: %AppData%
Targets
Target: e593bbbea1e480fdd8018bdaf481ef9f76f6b7c8cf783603164633bb0f8b2979
Detect ZGRat V1
Async RAT payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Suspicious use of SetThreadContext