General
Target: bee0b629d62b22ded860f4b4b727aa82
Size: 336KB
Sample: 240310-r6ecjseg33
MD5: bee0b629d62b22ded860f4b4b727aa82
SHA1: 41dfd94bb6fc44517b8bf54f0df18f75d6532ffa
SHA256: 14a5d98a762dc78113a0a642820b7fa2fc7ff86805d1dcc1d05230de717124d2
SHA512: 4fd5aa0fe69133a045e62b88adb301f07436f1275cdfa14d2bf97ece74f8104c67103421a16edad8b9964669f6ff6fefa24e4a06c5f147f3cc0d4b2350f090e8
SSDEEP: 6144:kJRMksaJX+krFD+4taWKQRO3ORNeHEhmI0fEJI5IXJbeT/PhBSY:SMkT5+krFDar7MmI0fEJdaT/PhsY
Static task: static1
Behavioral task: behavioral1
Sample: bee0b629d62b22ded860f4b4b727aa82.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: bee0b629d62b22ded860f4b4b727aa82.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
revengerat
NyanCatRevenge
dontreachme.duckdns.org:3602
774d753e6b8d42
Targets
Target: bee0b629d62b22ded860f4b4b727aa82
Detect ZGRat V1
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of SetThreadContext