General

  • Target

    c2bca86c0657ff2453deae621c8d5233

  • Size

    7.3MB

  • Sample

    231220-rhg4jaafe6

  • MD5

    c2bca86c0657ff2453deae621c8d5233

  • SHA1

    8f74eb906101904d9994b99f0e17de6da82ff848

  • SHA256

    3a3f4e01b7e226bd1bb13de06701bfdccbb8c42b69b0121e848584f4ec1e6f9c

  • SHA512

    858e4255c13d84cfb300d733a6090e98bd0cd82c6dbe355d08cbeff4411fab04c0032c02414e583c66743cd237c7783ed009cc8fe4de9e2b4114e15132ed3ff2

  • SSDEEP

    196608:Uszj2QaUFqYAcRrCbU6+xZcoLms3aU4iao1:7j2QaUI5cRmXoZvaUF71

Malware Config

Targets

    • Target

      c2bca86c0657ff2453deae621c8d5233

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
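
The four behavioural signatures above (VirtualBox ACPI keys, BIOS values, the UAC EnableLUA check and NtSetInformationThread with ThreadHideFromDebugger) are the observable side of a Themida/VMProtect-packed sample, where static detection is weak. The following Python is an added example, not part of this report or of any sandbox's code: it runs those checks as rules over a constructed API/registry trace. The trace lines, the `pid|image|operation|target` format and the process names are assumptions made for the example; the registry paths and the THREADINFOCLASS value 0x11 are real.

```python
import re
from collections import defaultdict

# Constructed trace, not real sandbox output. One event per line:
#   <pid>|<image>|<operation>|<target>
# The pids, image names and the line format itself are assumptions.
SAMPLE_TRACE = """\
4120|sample.exe|RegOpenKey|HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
4120|sample.exe|RegQueryValue|HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
4120|sample.exe|RegQueryValue|HKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion
4120|sample.exe|RegQueryValue|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
4120|sample.exe|NtSetInformationThread|ThreadInformationClass=0x11
5012|explorer.exe|RegQueryValue|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
"""

# Each rule: (name, operation regex, target regex). Registry paths are
# case-insensitive on Windows, so targets are matched with IGNORECASE.
RULES = [
    ("virtualbox_acpi",
     r"^Reg(OpenKey|QueryValue)$",
     r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),   # VirtualBox ACPI OEM id
    ("bios_in_registry",
     r"^RegQueryValue$",
     r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBios|VideoBios)(Version|Date)$"),
    ("uac_check",
     r"^RegQueryValue$",
     r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA$"),
    # ThreadHideFromDebugger is THREADINFOCLASS 0x11 (17).
    ("hide_from_debugger",
     r"^NtSetInformationThread$",
     r"ThreadInformationClass=0x11$"),
]
COMPILED = [(n, re.compile(op), re.compile(tg, re.IGNORECASE)) for n, op, tg in RULES]


def parse_trace(text):
    """Split the trace into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue
        pid, image, op, target = parts
        events.append({"pid": int(pid), "image": image, "op": op, "target": target})
    return events


def match_events(events):
    """Return {pid: {"image": str, "hits": set(rule names)}} for processes with any hit."""
    per_pid = defaultdict(lambda: {"image": None, "hits": set()})
    for ev in events:
        for name, op_re, tg_re in COMPILED:
            if op_re.match(ev["op"]) and tg_re.match(ev["target"]):
                entry = per_pid[ev["pid"]]
                entry["image"] = ev["image"]
                entry["hits"].add(name)
    return dict(per_pid)


def verdict(hits, threshold=2):
    """A single check is common in legitimate software (installers read EnableLUA);
    flag only a process that chains several distinct anti-analysis checks."""
    return "anti-analysis" if len(hits) >= threshold else "benign"


def triage(text, threshold=2):
    """Map pid -> (image, sorted rule hits, verdict) over the whole trace."""
    return {pid: (e["image"], sorted(e["hits"]), verdict(e["hits"], threshold))
            for pid, e in match_events(parse_trace(text)).items()}


if __name__ == "__main__":
    for pid, (image, hits, v) in triage(SAMPLE_TRACE).items():
        print(f"{pid:>6} {image:<14} {v:<14} {', '.join(hits)}")
```

Two caveats when using this against real telemetry: Sysmon records registry key creation and value writes (event IDs 12 and 13) but not reads, so a trace like this has to come from an API monitor or a sandbox rather than from Sysmon; and the threshold exists because EnableLUA and BIOS reads on their own are routine, while the combination with VBOX__ probing and ThreadHideFromDebugger is what matches the profile of this sample.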

MITRE ATT&CK Enterprise v15

Tasks