General
Target: 9A495517949AA4F4112EDA7460B6903C.exe
Size: 1.9MB
Sample: 240302-reeh8sed64
MD5: 9a495517949aa4f4112eda7460b6903c
SHA1: 2903a362bbde234152a8f12bc5ed028e3231538b
SHA256: 137f811a64808946b6f03fa54450fa9a4fe77eacfb7afa39f0a1a7a1ce659a60
SHA512: bc7d5c93156f2a1fc47553e0f8455cb66aa1e02d352707d5925c23a0cc78195adcc4f0c059a49edf14f3fd6079cf0c5caac397aea9456aefab5684fffc525128
SSDEEP: 24576:2TbBv5rUyXVNweJZ7rsW7aB61THQZEDLRBoQwexZS1U1Cr2Egkfu6XFTLbB5xo+T:IBJNnl71zodgS1U8rZXpb7++IqRXz
Behavioral task: behavioral1
Sample: 9A495517949AA4F4112EDA7460B6903C.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 9A495517949AA4F4112EDA7460B6903C.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 9A495517949AA4F4112EDA7460B6903C.exe
Score: 10/10
- Detect ZGRat V1
- Modifies WinLogon for persistence
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Disables Task Manager via registry modification
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Scheduled Task/Job (1)