General

  • Target: d69f743c79a61ae7d7ed62f6690992c3
  • Size: 408KB
  • Sample: 240319-vahlwahe5z
  • MD5: d69f743c79a61ae7d7ed62f6690992c3
  • SHA1: b758aa7172f95a3cfc7a5fb5e5974b0eb4edca03
  • SHA256: 565bc21d2357c70baa32f95c4b954b7296292dd185ef9fc3da50c6a08e2efa33
  • SHA512: 2188808ae41d3b3cc4323fec3e01f94e03cc575b49ec85d6a3f4c6cd0e567749c3eedcedf71b2d61fde82289669f319d55ed8b38cddc2502d06f3cf888f5b7f0
  • SSDEEP: 6144:7+hFGk0sdrH5wjzxKvTkePF6Q6Axdikp4RfMqpl3Xz2UUFBdQg:72z0sFZozxKvoiFjbrp4bplXz2UU9

Targets

    • Detect ZGRat V1

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

    • PureLog Stealer payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Suspicious use of SetThreadContext