General

  • Target

    a5e8111701769f6ee892b47ddb9b4790.exe

  • Size

    636KB

  • Sample

    240117-2esqzagdf6

  • MD5

    a5e8111701769f6ee892b47ddb9b4790

  • SHA1

    09501abc923db2adba25e47d13a6c16ba0408148

  • SHA256

    f5a3bc0b1c24f8e34b6af56760a6aa04d8fcc33a9a104336364bc1a149027e25

  • SHA512

    b990338e60ed67fc3177fe37feded9b2ef5f4bc77d99406dd072b6b80d4834ef2538832d24e57fe5c01be0c9db84f1cd414d6f5641e2fa9eed850a184ed0c974

  • SSDEEP

    12288:64xvwEgazq3eXf3Z6wAyo2ypdg9WdBg9XwBHoI2b:L1lzq3qJIPoWx

Malware Config

Extracted

Family

systembc

C2

69.10.60.115:4018

Targets

    • Target

      a5e8111701769f6ee892b47ddb9b4790.exe

    • Size

      636KB

    • MD5

      a5e8111701769f6ee892b47ddb9b4790

    • SHA1

      09501abc923db2adba25e47d13a6c16ba0408148

    • SHA256

      f5a3bc0b1c24f8e34b6af56760a6aa04d8fcc33a9a104336364bc1a149027e25

    • SHA512

      b990338e60ed67fc3177fe37feded9b2ef5f4bc77d99406dd072b6b80d4834ef2538832d24e57fe5c01be0c9db84f1cd414d6f5641e2fa9eed850a184ed0c974

    • SSDEEP

      12288:64xvwEgazq3eXf3Z6wAyo2ypdg9WdBg9XwBHoI2b:L1lzq3qJIPoWx

    • Detect ZGRat V1

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks