General

  • Target

    04d7b7724baf46febb5adfa8626d7131_JaffaCakes118

  • Size

    13.5MB

  • Sample

    240328-nynz8shd94

  • MD5

    04d7b7724baf46febb5adfa8626d7131

  • SHA1

    c5692f9d5b88334059cee27c26939179aed0e45b

  • SHA256

    9b91f4c120d001aeda29fb8a4fd4c7b700bd900ab6487cd03e78c69ad1d9da46

  • SHA512

    b763a4bb8006b87a32bc6f6a59d2494cb729af55469318bc50e0784a5e47263b5b20e961c9ab0be75450cf078d03e6e5ee6f2c07532749d8aef93ebdb704b8ea

  • SSDEEP

    393216:XC6MNaEIzJd4FuCyuQBUS8f9eqR+pB8PlbX:pM8zd2QBUS8f7a6Plb

Score
10/10

Targets

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
