General
Target: fdfb2d693550b116dcee622d470187e8
Size: 1.4MB
Sample: 231222-vvhsdaefa7
MD5: fdfb2d693550b116dcee622d470187e8
SHA1: 31a0e9efe72e2fa387db4ee7e2ef52328e9e1766
SHA256: 8b5bc0141355c0b6ed6e40892c3e64500fe13e014cbe6d0623afbb6a2f934286
SHA512: 4b724041e202624664ea652bc2514614edc33815fa5de6e8c12731766f0085d51160ed27007e1c8ec36c7e41611b6edb5ec93a611bf8a8f4d35b4f41c6e2eae6
SSDEEP: 24576:PT3E0UelkojTr7v9mWKJSgs0uLJrmSFHqPEkISEwCyJGPk7RR:rjUeKwvv9jo/s0UZNFHbwO0

Behavioral task: behavioral1
Sample: fdfb2d693550b116dcee622d470187e8.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: fdfb2d693550b116dcee622d470187e8.exe
Resource: win10v2004-20231215-en

Malware Config
Targets
Target: fdfb2d693550b116dcee622d470187e8
Score: 10/10

Detect ZGRat V1

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Adds Run key to start application

Drops file in System32 directory