General

  • Target

    583489ddd23580cde02c85a8c9a3709a

  • Size

    935KB

  • Sample

    240113-g59f7adeer

  • MD5

    583489ddd23580cde02c85a8c9a3709a

  • SHA1

    25f5eef0a98633b90ebb5309bf85950066ffdd63

  • SHA256

    8baf889d87ae4f268aefcdfd463f755c817c005afaaf0b17c736222c8e13b1a5

  • SHA512

    cecba605f9b9d1f42dacd311796412dfe61851a42ac8b4a5d8e631ae2121f16f87ce9fe6311bb5431fd27214b1d096dac52ce96bdbd78f529789658ef0551c15

  • SSDEEP

    24576:GJMZnbqcI1mjUgoDq7m2JNxT//D3GrDzYP68:eMZGcwmjU5Dq7pLz/TG3z
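Before relying on this report for a sample you hold, confirm the file actually matches it. The script below is an added example, not part of the sandbox page: it recomputes the four hashes listed above with Python's standard library and compares them with the reported values, and checks that the size rounds to the reported 935KB. SSDEEP is not recomputed because it needs a third-party library; the `REPORTED` table and the helper names are this example's own.

```python
import hashlib
import hmac

# Values copied from the report above; the dict layout is this example's own.
REPORTED = {
    "md5": "583489ddd23580cde02c85a8c9a3709a",
    "sha1": "25f5eef0a98633b90ebb5309bf85950066ffdd63",
    "sha256": "8baf889d87ae4f268aefcdfd463f755c817c005afaaf0b17c736222c8e13b1a5",
    "sha512": (
        "cecba605f9b9d1f42dacd311796412dfe61851a42ac8b4a5d8e631ae2121f16f"
        "87ce9fe6311bb5431fd27214b1d096dac52ce96bdbd78f529789658ef0551c15"
    ),
}
REPORTED_SIZE_KB = 935  # the report rounds the size to whole KB

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return hex digests of `data` for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> tuple[dict, int]:
    """Hash a file in chunks (samples can be large); also return its byte size."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}, size


def compare(actual: dict, size: int, expected: dict = REPORTED,
            size_kb: int = REPORTED_SIZE_KB) -> dict:
    """Per-field verdicts: True where the computed value matches the report.

    compare_digest is used so the comparison does not leak timing; it is
    mostly habit here, but costs nothing.
    """
    verdict = {
        alg: hmac.compare_digest(actual[alg].lower(), expected[alg].lower())
        for alg in expected
    }
    # Accept any size that rounds to the same whole-KB figure the report shows.
    verdict["size"] = round(size / 1024) == size_kb
    return verdict


def verify_bytes(data: bytes, expected: dict = REPORTED,
                 size_kb: int = REPORTED_SIZE_KB) -> dict:
    """Convenience wrapper for in-memory data (used by the self-test)."""
    return compare(hash_bytes(data), len(data), expected, size_kb)


def verify_file(path: str) -> dict:
    """Verify a sample on disk against the report; all-True means it matches."""
    digests, size = hash_file(path)
    return compare(digests, size)


if __name__ == "__main__":
    import sys
    verdict = verify_file(sys.argv[1])
    for field, ok in verdict.items():
        print(f"{field:7} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if all(verdict.values()) else 1)
```

Run it as `python verify.py path/to/sample`; a non-zero exit means at least one field disagrees with the report, which usually means you are holding a different build of the same family rather than this exact sample.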

Targets

    • Target

      583489ddd23580cde02c85a8c9a3709a

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry (Control Panel\International\Geo), most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
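The signatures above are the sandbox's names for behaviours it observed in the API trace. The script below is an added example, not the sandbox's own rule engine or any code from the sample: it runs rules of the same shape over a constructed, in-memory API-call trace so you can see what each signature keys on and how the "dropped" ones are stateful (a file must be written by the process before a later CreateProcess or LoadLibrary on it counts). The trace entries, the `pid`/`api`/args layout, and the requirement that SetThreadContext follow a CREATE_SUSPENDED process creation are this example's assumptions; the sandbox's real heuristics may be looser or tighter.

```python
import re

# Constructed API trace in the shape a sandbox monitor emits: (pid, api, args).
# Nothing here is taken from the report; the paths and values are invented.
TRACE = [
    (1001, "RegOpenKeyExW",    {"key": r"HKCU\Control Panel\International\Geo"}),
    (1001, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo",
                                "value": "Nation"}),
    (1001, "CreateFileW",      {"path": r"C:\Users\u\AppData\Roaming\svc.exe",
                                "access": "GENERIC_WRITE"}),
    (1001, "CreateFileW",      {"path": r"C:\Users\u\AppData\Roaming\helper.dll",
                                "access": "GENERIC_WRITE"}),
    (1001, "RegSetValueExW",   {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                                "value": "svc",
                                "data": r"C:\Users\u\AppData\Roaming\svc.exe"}),
    (1001, "CreateProcessW",   {"path": r"C:\Users\u\AppData\Roaming\svc.exe",
                                "flags": 0x00000004}),   # CREATE_SUSPENDED
    (1001, "LoadLibraryW",     {"path": r"C:\Users\u\AppData\Roaming\helper.dll"}),
    (1001, "SetThreadContext", {"target_pid": 1002}),
]

CREATE_SUSPENDED = 0x00000004
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.I)


def triage(trace) -> set:
    """Return the set of signature names the trace triggers.

    State is kept per pid: files the process wrote (so later execution or
    loading of them is 'dropped'), and whether it created a suspended
    process (so a following SetThreadContext looks like hollowing).
    """
    hits = set()
    dropped = {}    # pid -> set of lowercased paths written by that pid
    suspended = set()  # pids that created a CREATE_SUSPENDED child

    for pid, api, a in trace:
        written = dropped.setdefault(pid, set())
        if api.startswith("RegQueryValueEx"):
            if GEO_KEY_RE.search(a.get("key", "")) and a.get("value", "").lower() == "nation":
                hits.add("Checks computer location settings")
        elif api.startswith("CreateFile"):
            if "GENERIC_WRITE" in a.get("access", ""):
                written.add(a["path"].lower())
        elif api.startswith("RegSetValueEx"):
            if RUN_KEY_RE.search(a.get("key", "")):
                hits.add("Adds Run key to start application")
        elif api.startswith("CreateProcess"):
            if a["path"].lower() in written:
                hits.add("Executes dropped EXE")
            if a.get("flags", 0) & CREATE_SUSPENDED:
                suspended.add(pid)
        elif api.startswith("LoadLibrary"):
            if a["path"].lower() in written:
                hits.add("Loads dropped DLL")
        elif api == "SetThreadContext":
            if pid in suspended:
                hits.add("Suspicious use of SetThreadContext")
    return hits


if __name__ == "__main__":
    for name in sorted(triage(TRACE)):
        print("•", name)
```

Order matters in this model: a LoadLibrary of a path the process never wrote does not fire "Loads dropped DLL", and a SetThreadContext without a preceding suspended CreateProcess from the same pid does not fire the hollowing signature. Those are the false-positive filters a real sandbox rule needs, otherwise every debugger and every installer would trip them.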
