General
- Target: tmp
- Size: 4.3MB
- Sample: 240202-n1a66adbc3
- MD5: dc101ebccce8a5d7f83b4b6ae5d49178
- SHA1: 0e049dce0518d7f45077202de084610e51bc0ace
- SHA256: 458278fff0ef4dc89dbb774d8ef79bbd91e6390182e1dee60a534583f425b11b
- SHA512: 29749129569b804d12b4af4a2de8b3d8be104c915ac1061ce8cd8c9e33856f3e40ccc5fa121324aa5b70ce7582def95adf4c1e1a2177894ddbe10341a09b39b7
- SSDEEP: 98304:k1CxiKNDAMrWXrm+G/Mul2rq/aReDkizMeQUD1:+CxiLOUr6/Mul2rVe4iwVUD1
Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win7-20231215-en
Malware Config
Targets
- Detect ZGRat V1
- XMRig Miner payload
- .NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext