General

  • Target

    002f6f310a1ea664bfe07e5dd7045676.exe

  • Size

    5.6MB

  • Sample

    240317-j3valahh34

  • MD5

    002f6f310a1ea664bfe07e5dd7045676

  • SHA1

    104e60ea49811a2b33442c5192b0d5f539fd235e

  • SHA256

    c875d48e9242fff77283972803a88ca27a9045381a42c57c94f105cee7e0549c

  • SHA512

    3caad6aaa12f9dc5e5e7ddbbebe166b90e5721233619c8f31ad02754b0060889cb6cc36688b1b725e526e8c5e263b40ebb943c9bcf8938a56ce69c122076cb85

  • SSDEEP

    98304:V2wSiJSTjLc3oYusZhfoFH/Ydc4ajxG/zSDZyqBJEJaO6JrRe7kEcEAL:gw1gT84Y1ha/YdAftyziJrRnE

Malware Config

Targets

    • Detect ZGRat V1

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

    • PureLog Stealer payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks