General
-
Target
file.exe
-
Size
1.5MB
-
Sample
240307-v7vygahh5v
-
MD5
0c52d0355c15ed92930c645c340a1edb
-
SHA1
8bfdafa0aa3403c52bf115667833734c4c409581
-
SHA256
c122084a42b99f006a27e9c48d7098e192704183d3a5dfd57f924c03ae506552
-
SHA512
7889df8248c8b003b1d9d900bd15b5b215a3fca1f2d783c7f4ffedd6c09143970b7ab217dc3080de6b66c463331776283fc0c3711974eef77e02fea82aafe862
-
SSDEEP
24576:W4+ufew4vRRm5JjP++3jDSpLHnT3s++Gg0w38LzAqSSiKLWWW9GCdh:W46wV6pLnE3+8Giy5Wt3
Malware Config
Targets
-
-
Target
file.exe
-
Size
1.5MB
-
MD5
0c52d0355c15ed92930c645c340a1edb
-
SHA1
8bfdafa0aa3403c52bf115667833734c4c409581
-
SHA256
c122084a42b99f006a27e9c48d7098e192704183d3a5dfd57f924c03ae506552
-
SHA512
7889df8248c8b003b1d9d900bd15b5b215a3fca1f2d783c7f4ffedd6c09143970b7ab217dc3080de6b66c463331776283fc0c3711974eef77e02fea82aafe862
-
SSDEEP
24576:W4+ufew4vRRm5JjP++3jDSpLHnT3s++Gg0w38LzAqSSiKLWWW9GCdh:W46wV6pLnE3+8Giy5Wt3
Score10/10-
Detect ZGRat V1
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-