General
Target: Launcher.exe
Size: 1.9MB
Sample: 240302-sts6lsee6x
MD5: ec4474fe748f8496cdaf969617ee5f7f
SHA1: 243b4b227570d4886d0e6aa49c42203139f41cac
SHA256: b2bf95b5efd6d4074da5351479e53d9cc4ac6adcfcbb8eaab865aba9317b9047
SHA512: a2c7aee20b6eff21137c8fcf52f6e0080d2007f7ae1c994528ed3a2e213034c1c5f7efe09861a387cdde5e75f366458f0a97a0bae1e3a075a54e4e9cae71cb04
SSDEEP: 49152:y7pi0mPK1k0Nta6RkScnmgE2x8QC72kddVMx2:yscM69cnnC32ud
Behavioral task: behavioral1
Sample: Launcher.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: Launcher.exe
Resource: win10v2004-20240226-en
Score: 10/10
- Detect ZGRat V1
- Modifies WinLogon for persistence
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1
- Scheduled Task/Job: 1