General

  • Target

    ATM Dekont E-Maili pdf.exe

  • Size

    320KB

  • Sample

    240313-rb4zqaee51

  • MD5

    857f57632320c296ed42603d5dc50753

  • SHA1

    5383f9059896b7f871d7c974ed887aced42789f7

  • SHA256

    7199c9f3d8524e27b8fd14131f0992eb16433d0aa21563805f7fee29e773e719

  • SHA512

    269b4f8961667c44edef79527cb70b5b53e5dd062fc4a4e28ab79ba4049415c29499b0cb1f9f0967a03dda197a3ff3784316e73171e479449daa461230da4930

  • SSDEEP

    6144:6PBJmR7777rL0DWuRbao46Li4/bPrCt9UHNxizH+zyfw4spWJy:6PmjuRbn4qjTPOtQNxDzyo4spl

Malware Config

Targets

    • Detect ZGRat V1

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

    • PureLog Stealer payload

    • Snake Keylogger

      A keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks