General
-
Target
HyperSpoof (2024).rar
-
Size
57KB
-
Sample
240316-c2bzashh7v
-
MD5
4b99599c0946da5a5fb5d62aed8c9319
-
SHA1
008c6d784073a5bf9466de026f4baa46abcef253
-
SHA256
21ec1141e55d4c21b89fb4be9e7692bf61681868f17cc78a9e691f44b911157c
-
SHA512
0ec00a4bdcbcd3d28f198e932b24305a2f90d6623d87c0d62af1b35873f02eba51f64ae23b4d15c34a14456cf4fef85d9dc838a0b2290554c3e158ca2b4330f9
-
SSDEEP
1536:mqcYnM1m8fFzUsLvfxi4QvPawWeTgI2m/fB:mq/Mc8fFzdvg4uFTN2w
Malware Config
Targets
-
-
Target
HyperSpoof (2024).rar
-
Size
57KB
-
MD5
4b99599c0946da5a5fb5d62aed8c9319
-
SHA1
008c6d784073a5bf9466de026f4baa46abcef253
-
SHA256
21ec1141e55d4c21b89fb4be9e7692bf61681868f17cc78a9e691f44b911157c
-
SHA512
0ec00a4bdcbcd3d28f198e932b24305a2f90d6623d87c0d62af1b35873f02eba51f64ae23b4d15c34a14456cf4fef85d9dc838a0b2290554c3e158ca2b4330f9
-
SSDEEP
1536:mqcYnM1m8fFzUsLvfxi4QvPawWeTgI2m/fB:mq/Mc8fFzdvg4uFTN2w
Score10/10-
Detect ZGRat V1
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Nirsoft
-
Blocklisted process makes network request
-
Creates new service(s)
-
Downloads MZ/PE file
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-