General
-
Target
89d511c97a4e0f4bf48a72fe764adb6d3de9007859c7632dc07477f2062c2b20
-
Size
451KB
-
Sample
240402-r515xsdd4v
-
MD5
0d34f2b095cbff0be00eb45758929907
-
SHA1
3fa3b5e296d49c4d8e6dfc5d4b775a48609aca78
-
SHA256
89d511c97a4e0f4bf48a72fe764adb6d3de9007859c7632dc07477f2062c2b20
-
SHA512
6965e9d2c2b9a11bb428ba8ac47202b7d0d4aaf826f905fb0afee903b2ae4b85cec446b536721b84237aeeb08f03ff413a67c75c36ba78d85a6727831e7b6340
-
SSDEEP
6144:xpHC550+1KYQ2JRpK3SRgadBU9RwfqUKDPi5xo/nY:xpis+S2JRpK3SRgKQ/n
Static task
static1
Behavioral task
behavioral1
Sample
89d511c97a4e0f4bf48a72fe764adb6d3de9007859c7632dc07477f2062c2b20.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
89d511c97a4e0f4bf48a72fe764adb6d3de9007859c7632dc07477f2062c2b20.exe
Resource
win10v2004-20240319-en
Malware Config
Extracted
bitrat
1.38
103.153.182.247:6161
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
install_dir
Install path
-
install_file
Install name
-
tor_process
tor
Targets
-
-
Target
89d511c97a4e0f4bf48a72fe764adb6d3de9007859c7632dc07477f2062c2b20
-
Size
451KB
-
MD5
0d34f2b095cbff0be00eb45758929907
-
SHA1
3fa3b5e296d49c4d8e6dfc5d4b775a48609aca78
-
SHA256
89d511c97a4e0f4bf48a72fe764adb6d3de9007859c7632dc07477f2062c2b20
-
SHA512
6965e9d2c2b9a11bb428ba8ac47202b7d0d4aaf826f905fb0afee903b2ae4b85cec446b536721b84237aeeb08f03ff413a67c75c36ba78d85a6727831e7b6340
-
SSDEEP
6144:xpHC550+1KYQ2JRpK3SRgadBU9RwfqUKDPi5xo/nY:xpis+S2JRpK3SRgKQ/n
Score10/10-
Detect ZGRat V1
-
Detects executables Discord URL observed in first stage droppers
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-