General

Target: native.exe
Size: 2.1MB
Sample: 240301-rk34sagf5x
MD5: 1a917a85dcbb1d3df5f4dd02e3a62873
SHA1: 567f528fec8e7a4787f8c253446d8f1b620dc9d6
SHA256: 217fbf967c95d1359314fcd53ae8d04489eb3c7bdc1f22110d5a8a476d1fc92e
SHA512: 341acbd43efac1718c7f3e3795549acf29237a2675bdadcb7e52ce18aac6dcc6ae628e1b6edfa2338ed6d9923c148cb4322c75fad86d5c0e6f2327c2270563ec
SSDEEP: 49152:/WlrvpDXJLRxe123BMGwxB19y0IEjaV/EC5O7pD:/apzJy1kMxt2R/ET
Static task: static1

Behavioral task: behavioral1
Sample: native.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: native.exe
Resource: win10v2004-20240226-en
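Before relying on a report like the one above, a practitioner wants to confirm that the file in hand is the same sample. The following is an added example, not code from the tria.ge report: it parses the flattened key/value text of the General section and recomputes the cryptographic hashes of a local file against it. Assumptions of mine, not the report's: the report is available as plain text in either "Key: value" form or the key-on-one-line, value-on-the-next form, and SSDEEP is parsed but not recomputed (that needs a third-party library).

```python
"""Added example (not code from the tria.ge report): parse the report text and
check whether a local file is the sample it describes.

Assumptions (mine): report is plain text in 'Key: value' or key/value-on-
consecutive-lines form; SSDEEP is read but not recomputed.
"""
import hashlib
import re
import sys

# Report text as shown in the General section (constructed input for this example).
REPORT_TEXT = """General
Target
native.exe
Size
2.1MB
Sample
240301-rk34sagf5x
MD5
1a917a85dcbb1d3df5f4dd02e3a62873
SHA1
567f528fec8e7a4787f8c253446d8f1b620dc9d6
SHA256
217fbf967c95d1359314fcd53ae8d04489eb3c7bdc1f22110d5a8a476d1fc92e
SHA512
341acbd43efac1718c7f3e3795549acf29237a2675bdadcb7e52ce18aac6dcc6ae628e1b6edfa2338ed6d9923c148cb4322c75fad86d5c0e6f2327c2270563ec
SSDEEP
49152:/WlrvpDXJLRxe123BMGwxB19y0IEjaV/EC5O7pD:/apzJy1kMxt2R/ET
"""

KEYS = ("Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}  # digest length in hex chars


def parse_report(text):
    """Return {key: value} for the first occurrence of each known key and reject
    any digest whose length or alphabet is wrong (a truncated copy/paste)."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]   # drop blanks and bullet residue
    out = {}
    i = 0
    while i < len(lines):
        key, sep, val = lines[i].partition(":")
        if sep and key in KEYS and val.strip():        # 'Key: value' on one line
            out.setdefault(key, val.strip())
            i += 1
        elif lines[i] in KEYS and i + 1 < len(lines):  # key line, then value line
            out.setdefault(lines[i], lines[i + 1])
            i += 2
        else:
            i += 1
    for algo, n in HEX_LEN.items():
        digest = out.get(algo)
        if digest is not None and not re.fullmatch(r"[0-9a-fA-F]{%d}" % n, digest):
            raise ValueError(f"{algo} is not a {n}-character hex digest: {digest!r}")
    return out


def hash_bytes(data):
    """Hash one in-memory blob with every algorithm the report lists."""
    return {algo: hashlib.new(algo.lower(), data).hexdigest() for algo in HEX_LEN}


def hash_file(path, chunk_size=1 << 20):
    """Stream a file through all four hashes so a multi-MB sample is read once."""
    hashers = {algo: hashlib.new(algo.lower()) for algo in HEX_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare_hashes(actual, report):
    """{algo: bool} per digest the report lists. The file is the same sample only
    if every listed digest matches; one mismatch means a different file or a
    doctored report."""
    return {algo: actual[algo] == report[algo].lower() for algo in HEX_LEN if algo in report}


def verify_bytes(data, report):
    return compare_hashes(hash_bytes(data), report)


def verify_file(path, report):
    return compare_hashes(hash_file(path), report)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-native.exe>
    result = verify_file(sys.argv[1], parse_report(REPORT_TEXT))
    for algo, ok in result.items():
        print(f"{algo:7} {'match' if ok else 'MISMATCH'}")
    print("same sample" if all(result.values()) else "NOT the sample in the report")
```

The length check in parse_report matters more than it looks: a SHA512 that lost its last characters in a copy/paste will never match anything, and silently treating that as "different file" sends an analyst down the wrong path.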
Malware Config
Targets

Target: native.exe (size and hashes identical to the General section above)
Score: 10/10

Signatures:
- Detect ZGRat V1
- Rhadamanthys: an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess: a new process is created with a parent other than the calling process (parent PID spoofing), so the process tree no longer leads back to the sample.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext: rewrites a thread's register context, the usual way injected code is handed control (for example in process hollowing).
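The behavioural signatures above are each a small stateful rule over a process trace. What follows is an added example, not the sandbox's own signature code: a compact rule set that reproduces the six behaviours over a constructed trace, the kind of prototype a detection engineer writes before porting the logic to Sysmon or EDR queries. Assumptions of mine: the event schema is invented for this example; the user GeoID is read from HKCU\Control Panel\International\Geo\Nation, the key Windows uses for the country code the report mentions; a spoofed parent appears as a creation event whose recorded parent PID is not the PID that issued the call; and a remote thread-context change is modelled as an API event whose target_pid differs from the caller's pid.

```python
"""Added example, not the sandbox's signature code: rules reproducing the six
behavioural signatures in the report over a constructed process trace.

Assumptions (mine): event schema is invented; GeoID key is
HKCU\\Control Panel\\International\\Geo\\Nation; a spoofed parent is a
proc_create whose parent_pid != the creating pid; a remote SetThreadContext
is an api event whose target_pid != pid.
"""

SYSTEM32_PREFIX = "c:\\windows\\system32\\"
GEO_KEY_SUFFIX = "\\control panel\\international\\geo\\nation"

# Constructed trace: dropper (pid 1000) writes an EXE and a DLL, checks the
# locale, launches the EXE under a spoofed parent, and the child injects.
TRACE = [
    {"id": 1, "type": "file_write", "pid": 1000,
     "path": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"id": 2, "type": "file_write", "pid": 1000,
     "path": r"C:\Windows\System32\loader.dll"},
    {"id": 3, "type": "reg_query", "pid": 1000,
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"id": 4, "type": "proc_create", "pid": 1000, "new_pid": 2000,
     "image": r"C:\Users\victim\AppData\Local\Temp\update.exe", "parent_pid": 600},
    {"id": 5, "type": "image_load", "pid": 2000,
     "path": r"C:\Windows\System32\loader.dll"},
    {"id": 6, "type": "api", "pid": 2000, "api": "SetThreadContext", "target_pid": 3000},
]

# Constructed benign trace: ordinary child launch, system DLL load, self-targeted
# context change; none of the rules should fire.
BENIGN_TRACE = [
    {"id": 1, "type": "reg_query", "pid": 4000,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"id": 2, "type": "proc_create", "pid": 4000, "new_pid": 4100,
     "image": r"C:\Windows\System32\notepad.exe", "parent_pid": 4000},
    {"id": 3, "type": "image_load", "pid": 4100, "path": r"C:\Windows\System32\kernel32.dll"},
    {"id": 4, "type": "api", "pid": 4100, "api": "SetThreadContext", "target_pid": 4100},
]


def _norm(path):
    """Case-fold so C:\\Windows and c:\\windows compare equal."""
    return path.lower()


def run_rules(events):
    """Walk the trace in order and return {signature name: [event ids]}.
    The state carried between events is the set of files written so far; that
    is what turns a plain process start or image load into 'Executes dropped
    EXE' / 'Loads dropped DLL'."""
    dropped = set()
    hits = {}

    def hit(sig, ev):
        hits.setdefault(sig, []).append(ev["id"])

    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            path = _norm(ev["path"])
            dropped.add(path)
            if path.startswith(SYSTEM32_PREFIX):
                hit("Drops file in System32 directory", ev)
        elif kind == "reg_query":
            if _norm(ev["key"]).endswith(GEO_KEY_SUFFIX):
                hit("Checks computer location settings", ev)
        elif kind == "proc_create":
            image = _norm(ev["image"])
            if image in dropped and image.endswith(".exe"):
                hit("Executes dropped EXE", ev)
            if ev["parent_pid"] != ev["pid"]:  # creator is not the recorded parent
                hit("Suspicious use of NtCreateUserProcessOtherParentProcess", ev)
        elif kind == "image_load":
            path = _norm(ev["path"])
            if path in dropped and path.endswith(".dll"):
                hit("Loads dropped DLL", ev)
        elif kind == "api" and ev["api"] == "SetThreadContext":
            # Only cross-process context changes are flagged; a process rewriting
            # its own threads is not caught by this heuristic.
            if ev["target_pid"] != ev["pid"]:
                hit("Suspicious use of SetThreadContext", ev)
    return hits


def triggered(events):
    """Signature names only, in the order they first fired."""
    return list(run_rules(events))


if __name__ == "__main__":
    for sig, ids in run_rules(TRACE).items():
        print(f"{sig}: events {ids}")
```

Two caveats worth carrying into a real deployment: the "dropped" set is global here, so a file written by one process and executed by another still counts, which is what you want for a dropper/payload pair; and the SetThreadContext rule deliberately ignores self-targeted calls, which a sandbox may still score, so expect the sandbox to be noisier than this prototype.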