General
-
Target
972fe91915011242e2bf02b1ff007c381b09cdeb5fde90837c53ffe0464bd2bb.exe
-
Size
3.9MB
-
Sample
240229-ggnjtagb7s
-
MD5
648635ee494501409670f2e3b41d6e76
-
SHA1
1c5cc68a2d36c1ffedd884a94daa0279b98af236
-
SHA256
972fe91915011242e2bf02b1ff007c381b09cdeb5fde90837c53ffe0464bd2bb
-
SHA512
aa496e2d9a6aac67d15af7a12ffab85f5b3cb68e1767f191d82fa0984dd9789afd9239aded5c6f7882b6f67d2b7fedea8f7bb41acb6e8d594610f7f1b72da684
-
SSDEEP
49152:IBJslhExTgcA/Zo4GJO3K4Pe+KLdopASsetvh3Fh5/Z5zap+ENin:yG5cADm4PpRsetZ1rZ5s/Nin
Behavioral task
behavioral1
Sample
972fe91915011242e2bf02b1ff007c381b09cdeb5fde90837c53ffe0464bd2bb.exe
Resource
win7-20240221-en
Malware Config
Targets
-
Detect ZGRat V1
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Detects executables packed with unregistered version of .NET Reactor
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-