General
Target: sample.7z
Size: 5KB
Sample: 240216-z9bd3afg3z
MD5: ff70a70d8843280bec01b78bbbf7e8d7
SHA1: 5b02b0b38a4218c0da3cf5f28e237792b988ec65
SHA256: 57db34be899c1fd7ad39de16d63f4495980d54de32f9bd35e64461fb9000516f
SHA512: 0696ab6e1c83694eceeebab286390d808fc2d44b8269c638a82598be10bc98c9de6fa283f140c50e2249518d33cde4030949e8e8587735fae76e0da67c86dfad
SSDEEP: 96:ePcIoh7czVmSwdS2sXSsELMu7MaWJILmNWajEk9+fEcQ84P5Y:+VmVdMisjcMNcmcajEhfJQBu
Static task: static1
Behavioral task: behavioral1
Sample: Scan001-StatementReport.wsf
Resource: win7-20231129-en
Malware Config
Extracted: http://176.107.183.105:555/w.jpg
Extracted: asyncrat
AWS | 3Losh
danny
r0nj.ooguy.com:7777
AsyncMutex_alosh
delay: 3
install: false
install_folder: %AppData%
Targets
Target: Scan001-StatementReport.wsf
Size: 31KB
MD5: 99ec5f8d2779e65e64c54265f8ee1547
SHA1: 593116987bdd5119eceec7882c8fbd11fae139f2
SHA256: 62edf192312ffa77440aaac0de4b693126e2c14e6a96c9764de45fc4ff6c2ef1
SHA512: e39896113ea391097335b2c93d9d6dd76b255281c0aebc948c8a47ecd83fd7e1997ac224a30f108153b17d37f4fdd75dbce2a8d6ed9f5034af34293083cc4cbe
SSDEEP: 768:Fs0IeoVcogHzATv4MR1b6rONCps0IeoVcogHzATv4MR1b6rONCD:pMXKceMXKcs
- Detect ZGRat V1
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext