General

  • Target

    f6a8b58d0d8447fa707d64edf96eb3c7eae9e3a6fc7fc882ea2f246493e9ec31

  • Size

    2.9MB

  • Sample

    240318-cdyhdsdf86

  • MD5

    2af69129233a758c69f90af376b77f22

  • SHA1

    4780be117f3d9c1943d44d16b4d78d8e771480b0

  • SHA256

    f6a8b58d0d8447fa707d64edf96eb3c7eae9e3a6fc7fc882ea2f246493e9ec31

  • SHA512

    b59f4d4f428aa9a3f3d7bbe4753f53a3928eb5d06a5a632a144f21fdfaf2255b19316fda3f1f4440c7d88352321ce486307de110307f4db8200f279ed643a881

  • SSDEEP

    49152:mzW4BO4dQiABX3FVhgrNa7H0ZciVnzdgxMy9oaExU8iIfvswVdNeNHzy/G9ssy2:4js4dQi0X3FDgc72VnhHynxTpwDNehy8

Malware Config

Targets

    • Target

      NEW ORDER.pif

    • Size

      2.9MB

    • MD5

      fdf78fc377c3344eed18f78d7bb9563e

    • SHA1

      110e53a7d33151433e31e5124debc11d91aa5e4f

    • SHA256

      88670303d986c2ab42c91bf120273ceb7df2754708fc871820ca084e1678f670

    • SHA512

      10cadaa7d927f3ec4502ea140498d8025ce5d48b5d052e014c4a80854045da526a3ec621f421a73e6700175dbdbc6b549f8a98a833f112147bccb0394b5c3f7d

    • SSDEEP

      49152:5k29QKZE+YNvZfzj8jDa9HEZUGVdljgxaG9YSy7+wiiLhKCVHtojtXcbQlG0:51aKZE+ovZf/869KVdF5GlD3ZCxtoJc6

    • Detect ZGRat V1

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

    • PureLog Stealer payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks