General
-
Target
b425db5faaff29191253707b4d495278
-
Size
3.8MB
-
Sample
240305-jddxbaae54
-
MD5
b425db5faaff29191253707b4d495278
-
SHA1
8c0abed7ec34769df754d0a96c36f304818a13a1
-
SHA256
7c51bf36e62d3094d2854fa3597c42c3cae7adffb3bb30bb95e6f38beff12cbc
-
SHA512
031b0a0e6f7be82792f4bbfebd9b59381317983a9efca3e601062937e67938c20935e98bbe75c35d8354055b8335959a73c87ee32102886d6e16b0dca0774b88
-
SSDEEP
98304:zmgSCO/UvjQwggy1zQjeIwMM46TVI9m6Pg:6gSCOAUw/y1zUewMxI9m6Pg
Static task
static1
Behavioral task
behavioral1
Sample
b425db5faaff29191253707b4d495278.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b425db5faaff29191253707b4d495278.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
revengerat
NyanCatRevenge
dontreachme.duckdns.org:3601
159ffe7d99124a92baa
Targets
-
-
Target
b425db5faaff29191253707b4d495278
-
Size
3.8MB
-
MD5
b425db5faaff29191253707b4d495278
-
SHA1
8c0abed7ec34769df754d0a96c36f304818a13a1
-
SHA256
7c51bf36e62d3094d2854fa3597c42c3cae7adffb3bb30bb95e6f38beff12cbc
-
SHA512
031b0a0e6f7be82792f4bbfebd9b59381317983a9efca3e601062937e67938c20935e98bbe75c35d8354055b8335959a73c87ee32102886d6e16b0dca0774b88
-
SSDEEP
98304:zmgSCO/UvjQwggy1zQjeIwMM46TVI9m6Pg:6gSCOAUw/y1zUewMxI9m6Pg
-
Detect ZGRat V1
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-