General

  • Target

    file.exe

  • Size

    645KB

  • Sample

    240127-zlz3hsdfem

  • MD5

    e4b306658c26422c3734e38fe35f3901

  • SHA1

    1e6cfab2ead962d98819ebb39df2f74cb4ede975

  • SHA256

    ae16c9b0453f3cd9829140adcf38934bc8e2497373e1f3ff486c351ae5b1118e

  • SHA512

    f054af2cb0db777e99fcb64f3bd9a2afe44e747b6822a13bf593c5db19a415b5ff1e893d30bcf087c8eeab2e5b700e121f0f1602aeec6a8913620d3262ade9a7

  • SSDEEP

    12288:rFxTiR74R/ZaiskkLLpeVpKMwMRku787TrRANr9EE02+5M:m7UBC8pKMw9uZsW

Malware Config

Extracted

Family

systembc

C2

69.10.60.115:4018

Targets

    • Detect ZGRat V1

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks