Resubmissions

02/03/2024, 15:25

240302-sts6lsee6x 10

General

  • Target: Launcher.exe
  • Size: 1.9MB
  • Sample: 240302-sts6lsee6x
  • MD5: ec4474fe748f8496cdaf969617ee5f7f
  • SHA1: 243b4b227570d4886d0e6aa49c42203139f41cac
  • SHA256: b2bf95b5efd6d4074da5351479e53d9cc4ac6adcfcbb8eaab865aba9317b9047
  • SHA512: a2c7aee20b6eff21137c8fcf52f6e0080d2007f7ae1c994528ed3a2e213034c1c5f7efe09861a387cdde5e75f366458f0a97a0bae1e3a075a54e4e9cae71cb04
  • SSDEEP: 49152:y7pi0mPK1k0Nta6RkScnmgE2x8QC72kddVMx2:yscM69cnnC32ud

Score
10/10

Malware Config

Targets

    • Target: Launcher.exe
    • Size: 1.9MB
    • MD5: ec4474fe748f8496cdaf969617ee5f7f
    • SHA1: 243b4b227570d4886d0e6aa49c42203139f41cac
    • SHA256: b2bf95b5efd6d4074da5351479e53d9cc4ac6adcfcbb8eaab865aba9317b9047
    • SHA512: a2c7aee20b6eff21137c8fcf52f6e0080d2007f7ae1c994528ed3a2e213034c1c5f7efe09861a387cdde5e75f366458f0a97a0bae1e3a075a54e4e9cae71cb04
    • SSDEEP: 49152:y7pi0mPK1k0Nta6RkScnmgE2x8QC72kddVMx2:yscM69cnnC32ud

    Score
    10/10

    • Detect ZGRat V1

    • Modifies WinLogon for persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks