General

  • Target: er5thygfd.zip

  • Size: 7.4MB

  • Sample: 240318-ta3flscd76

  • MD5: 99fefc78f54dc27321dd31d51e841bb2

  • SHA1: 1e7b4bc92d75322b3c73df9f5f5b4f2f08cb314d

  • SHA256: 41a8b4bbde769dd1d866ea6bfb8912d092234cc6f80c37893b3797e2b7f4f612

  • SHA512: 4ad6bed098c4a8ccbe14934212e80be4c782397bcde3227f7d96944819321abe901affff7a6a2ac4d1e4f3026ec5b7e66bb01c83d894e1243e76f6f0942f0f18

  • SSDEEP: 196608:XcigPpk6YzSiTm2/ZAaSBr6sQuqgWu0k/2RxkL9dyAE8KZgx:XExpY7S2aqgWKqxUby18KC

Malware Config

Targets

    • Target: EdUpdMachine.exe

    • Size: 131.6MB

    • MD5: 0aabf386604e94f11fdbd56778bb8234

    • SHA1: 54b3f0ff8d93b42da1c353d64fc71509e9b26255

    • SHA256: d373492b42a14e6b91b4a64c89086e19d2a166710fa237bbda80b6d0c1a7ad8a

    • SHA512: d0d227af2d41c02e03ef25bd980b2347188bcb054b1e8f77685fc87ef5ece0f56c60115ea15dec9d5e66f8bf16f314b3cad4d23f8baf8d343e750937fa5e82c6

    • SSDEEP: 196608:AYic7JWa0zYsJuY5nqAgX3qs8QoSUcEGnUlFk/nlewwMQ/i:AE9P0H8YgoSUwCFile3MQ

    • Detect ZGRat V1

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

    • PureLog Stealer payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Drops file in Drivers directory

    • Stops running service(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks