General
Target: 16b33b39c4ec711fffb888b62f9b5351
Size: 1.2MB
Sample: 231230-m6ek4aecer
MD5: 16b33b39c4ec711fffb888b62f9b5351
SHA1: 380635993091e4c404c24b0903dd4b4a0b40cf10
SHA256: 068ff3add96d0de662d82296bd68f238ee9a7d74d92a9946e4490ed18615e06f
SHA512: f5fb11f69d3a8b4721b5d272885c91d8db5a6c1246a2f18b7219611abe9d9f14eeabb773f47e2d903823afa6b831c5d729ee60e4f0773576f9f19e91d3eba349
SSDEEP: 24576:u/qF9fLueyyCgo0N4+47KTQJWs9h4aDiW5FRkTZRM4F:u/CH7o0N4+ZkJ2aDiIFoZRT
Static task: static1
Behavioral task: behavioral1
Sample: 16b33b39c4ec711fffb888b62f9b5351.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 16b33b39c4ec711fffb888b62f9b5351.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
revengerat
NyanCatRevenge
dontreachme.duckdns.org:3602
774d753e6b8d42
Targets
- Detect ZGRat V1
- Modifies WinLogon for persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext