General

  • Target

    fdfb2d693550b116dcee622d470187e8

  • Size

    1.4MB

  • Sample

    231222-vvhsdaefa7

  • MD5

    fdfb2d693550b116dcee622d470187e8

  • SHA1

    31a0e9efe72e2fa387db4ee7e2ef52328e9e1766

  • SHA256

    8b5bc0141355c0b6ed6e40892c3e64500fe13e014cbe6d0623afbb6a2f934286

  • SHA512

    4b724041e202624664ea652bc2514614edc33815fa5de6e8c12731766f0085d51160ed27007e1c8ec36c7e41611b6edb5ec93a611bf8a8f4d35b4f41c6e2eae6

  • SSDEEP

    24576:PT3E0UelkojTr7v9mWKJSgs0uLJrmSFHqPEkISEwCyJGPk7RR:rjUeKwvv9jo/s0UZNFHbwO0

Targets

    • Target

      fdfb2d693550b116dcee622d470187e8

    • Detect ZGRat V1

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

    • Drops file in System32 directory
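
The behaviours flagged above (an Office-style parent spawning a shell, a read of the registry locale value, a Run-key write, a file dropped under System32) are the kind of rules a sandbox signature engine evaluates over its event trace. As an added example, not the sandbox's own rule code, the following Python function runs equivalent checks over a constructed list of events. The event tuple shape, the process names and the paths in SAMPLE_EVENTS are all hypothetical and are not taken from the report; the registry key patterns are the standard Windows locations for Run persistence and the Geo\Nation locale value.

```python
import re
from dataclasses import dataclass

# Constructed sandbox-style trace (hypothetical, not from the report above).
# Each event is (event_type, process, detail); for "process" events the detail
# is the child image name, otherwise it is a registry key or file path.
SAMPLE_EVENTS = [
    ("process", "winword.exe", "cmd.exe"),
    ("registry_read", "dropper.exe", r"HKCU\Control Panel\International\Geo\Nation"),
    ("registry_write", "dropper.exe", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("file_write", "dropper.exe", r"C:\Windows\System32\svc_helper.exe"),
    ("process", "explorer.exe", "notepad.exe"),
    ("registry_write", "setup.exe", r"HKCU\Software\Example\Settings"),
]

# Parents that should not normally launch a shell or script host, and the
# children that are suspicious when they do (the "unexpected child" signature).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                  "mshta.exe", "rundll32.exe"}

# Autostart locations under ...\CurrentVersion\Run and RunOnce (HKCU or HKLM,
# with or without Wow6432Node), the locale value used for geofencing, and the
# System32 directory on any drive letter.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    signature: str   # name in the style of the sandbox signatures above
    process: str     # process that produced the event
    evidence: str    # the child image, key or path that matched


def triage(events):
    """Evaluate the four behavioural rules over a list of events and
    return one Finding per matching event, in trace order."""
    findings = []
    for event_type, process, detail in events:
        proc = process.lower()
        if event_type == "process":
            if proc in OFFICE_PARENTS and detail.lower() in SHELL_CHILDREN:
                findings.append(Finding("Process spawned unexpected child process",
                                        process, detail))
        elif event_type == "registry_read":
            if GEO_NATION_RE.search(detail):
                findings.append(Finding("Checks computer location settings",
                                        process, detail))
        elif event_type == "registry_write":
            if RUN_KEY_RE.search(detail):
                findings.append(Finding("Adds Run key to start application",
                                        process, detail))
        elif event_type == "file_write":
            if SYSTEM32_RE.match(detail):
                findings.append(Finding("Drops file in System32 directory",
                                        process, detail))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.signature}: {f.process} -> {f.evidence}")
```

A benign explorer.exe launching notepad.exe and a write to an ordinary settings key produce no findings, which is the point of matching on specific parent/child pairs and specific key paths rather than on any process creation or registry write; a real engine would add further context (signer, command line, whether the written Run value points at the dropped file) before raising the severity.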

MITRE ATT&CK Enterprise v15
