General
Target: 16032024_0001_chooseadvancepro.zip
Size: 8.4MB
Sample: 240315-tgjxvace9s
MD5: ebe44e26839403d514068242e284df70
SHA1: 84216fae394c4c61df865f15b27cdaa9e4c3f272
SHA256: 4a5f11e3a8ef02a8cecd221c14e789562c441df0fd9f91c7766ad3d25d03ec85
SHA512: ae3dfc72aa8fc087bc8f3263487e1bcf7d7575d72139b5dd6ce96e75b85fa68277fc2cb29dc01ce65fe02035090bc699ac04fbfb3ef283a1ba7898c58f2d65ad
SSDEEP: 196608:50+fC+T+jdaP0aU/c83Y/TiBdb5RbkMtKy3wwNvxTOjnTjjuKY7a:50FjIPrU/cCyTS51k8LAnTXq7a
Static task: static1
Behavioral task: behavioral1
Sample: chooseadvancepro/chooseadvancepro.exe
Resource: win10v2004-20240226-en

Malware Config
Extracted: lumma
https://colorfulequalugliess.shop/api

Targets
Target: chooseadvancepro/chooseadvancepro.exe
Size: 8.4MB
MD5: c619f9f5947e27fafad1cb1d62d17311
SHA1: ac04371cd219632c08e0a4b60bad49a259dd4444
SHA256: e200ee556b9cc7354becc3f397c4b8d0225c38ea8c9d17182e552cc0fe48056d
SHA512: eaf023fdc896dd4b5267a137feb69fc649fe8a7b4e42fe22638c0d52a4a31e4c575cfae20f10bb9af9f3b4809db98cf2ce0724ed8c8047040eb8c2c961ea374e
SSDEEP: 196608:kgdA+F6/H8nOikJSs3uzhSHFnDnArEYtW8xq2/v1dstbTZjIKKv:k1/cnzkJSSuhiDWEojIbThYv
Score: 10/10
- Detect ZGRat V1
- PureLog Stealer payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext