General

  • Target

    859f296afcad7531a5e2ee4b5b8346da0d5ac0ba33700804216aa7365920f7cb

  • Size

    4.5MB

  • Sample

    240329-b9xejaed9t

  • MD5

    c66b1f6942762649c44bca726995a227

  • SHA1

    d22eba1dd78f3ab676afd3442a4b2a24c9342bf8

  • SHA256

    859f296afcad7531a5e2ee4b5b8346da0d5ac0ba33700804216aa7365920f7cb

  • SHA512

    1785bc2becad09b83aa98fe5d1191328f7f8336615144c07974ff4aeb61ec4a72940ba5d10cc9b91185a9f644b093ae74abef22531c0dc191839613369a23144

  • SSDEEP

    98304:AaHg3Vqv+AigbRik7kZ3srMw2FX+qK60L:AaH0VqhiKj7kZ3U+FuqA

Malware Config

Targets

    • Detect ZGRat V1

    • Detects DLL dropped by Raspberry Robin

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
