General

  • Target

    30837ff7ce483965ce6b270bec9a1082ee7972e28d8e17bbfbf9cc908671cae0

  • Size

    5.6MB

  • Sample

    240214-feznmaaf47

  • MD5

    6c43c0e522be699b762ef2f93979f753

  • SHA1

    90056b17c488288068cd44848057b4fc5a63a973

  • SHA256

    30837ff7ce483965ce6b270bec9a1082ee7972e28d8e17bbfbf9cc908671cae0

  • SHA512

    67a51f38ad7bb5771e2d2495977c72a3b8793aefe7918c9afc38eb411de7c72530bf393c36f005fd673e2713f04fa0e156419de30383931d46c68873d72cb0b0

  • SSDEEP

    98304:IoibRU8E3k7gx6kS8rJFSn4nNHKQoXGpLaIL/kBx:IoibRUbk7zqJFcj5XGpLTzkD

Malware Config

Targets


    • Detect ZGRat V1

    • Detects DLL dropped by Raspberry Robin.

      Raspberry Robin.

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks