General
Target: A8FEEEE4D7550B6D235A58FCC27A7C27.exe
Size: 1.9MB
Sample: 240403-hdt3vsag55
MD5: a8feeee4d7550b6d235a58fcc27a7c27
SHA1: cca74652e0efb730d7109d825102f6d163cbcf91
SHA256: 3ee12db2ab7af77010f1734d5e13766842c50b258c5fe228fe26164fe98ba4a9
SHA512: 2a016f1dbd2d2466bf61a422775453432e16df42014370b8c862b03af0f176eef9058542aff89cf61825d3565045e943680c2386e09ca30327a9900190d155f3
SSDEEP: 24576:hgXogJObMWfLOAT6gih1R12T3W07YbkKKcZUhhKpHqS/iZ0g0W2kg+mnS5aUVDe2:hFo6EN0W08kKKQUD8abIVS5xDL
Behavioral tasks
behavioral1: Sample A8FEEEE4D7550B6D235A58FCC27A7C27.exe, Resource win7-20240221-en
behavioral2: Sample A8FEEEE4D7550B6D235A58FCC27A7C27.exe, Resource win10v2004-20240226-en
Malware Config
Targets
Target: A8FEEEE4D7550B6D235A58FCC27A7C27.exe
Size: 1.9MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
Score: 10/10

Signatures
- Detect ZGRat V1
- Modifies WinLogon for persistence
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
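The two persistence signatures above (Modifies WinLogon for persistence; Adds Run key to start application) are what an analyst would hunt for on a host suspected of having run this sample. The following Python script is an added example written for this page; it is not code from the sandbox, the report or the sample. It parses text in `reg export` format, flags a Winlogon Userinit or Shell value that differs from the Windows defaults, and flags Run-key entries whose executable lives in a user-writable directory. The registry export embedded in it is constructed for the example, and the path C:\Users\Public\svchost.exe is a hypothetical dropped binary, not a path taken from the report.

```python
"""Flag Winlogon and Run-key persistence in a `reg export` text dump.

Added example for this report page; not code from the sandbox or the sample.
Handles named REG_SZ values only (the type these keys normally hold). The
export below is constructed and C:\\Users\\Public\\svchost.exe is hypothetical.
A real export is UTF-16 text: open it with encoding="utf-16" before parsing.
"""
import re

# Windows defaults for the two Winlogon values malware commonly appends to
# (ATT&CK T1547.004, Winlogon Helper DLL). Note the trailing comma on Userinit.
DEFAULT_USERINIT = r"C:\Windows\system32\userinit.exe,"
DEFAULT_SHELL = "explorer.exe"

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEYS = (  # ATT&CK T1547.001, Registry Run Keys / Startup Folder
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Heuristic: autostart binaries under user-writable paths deserve a look.
# Legitimate per-user software (e.g. under AppData) also trips this, so treat
# hits as triage leads, not verdicts.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")

# Constructed sample in `reg export` syntax (backslashes and quotes inside
# values are escaped exactly as a real export escapes them).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Users\\Public\\svchost.exe\" -s"
'''


def _unescape(data):
    """Undo reg export escaping (a backslash before a backslash or a quote)."""
    return re.sub(r'\\(.)', r'\1', data)


def parse_reg_export(text):
    """Return {key_path: {value_name: string_data}} for named REG_SZ values."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"'):
            name, _, data = line.partition("=")
            if data.startswith('"') and data.endswith('"'):
                keys[current][name.strip('"')] = _unescape(data[1:-1])
    return keys


def is_suspicious_run_entry(command):
    """True if the executable a Run-key command launches sits in a user-writable directory."""
    match = re.match(r'\s*"?([^"]+?\.exe)', command, re.IGNORECASE)
    exe_path = (match.group(1) if match else command).lower()
    return any(marker in exe_path for marker in USER_WRITABLE_MARKERS)


def find_persistence(keys):
    """Return (category, location, data) tuples for the report's two persistence signatures."""
    findings = []
    winlogon = keys.get(WINLOGON_KEY, {})
    userinit = winlogon.get("Userinit")
    if userinit is not None and userinit.lower() != DEFAULT_USERINIT.lower():
        findings.append(("Winlogon Helper", "Userinit", userinit))
    shell = winlogon.get("Shell")
    if shell is not None and shell.lower() != DEFAULT_SHELL:
        findings.append(("Winlogon Helper", "Shell", shell))
    for run_key in RUN_KEYS:
        for name, command in keys.get(run_key, {}).items():
            if is_suspicious_run_entry(command):
                findings.append(("Run key", run_key + "\\" + name, command))
    return findings


if __name__ == "__main__":
    for category, location, data in find_persistence(parse_reg_export(SAMPLE_EXPORT)):
        print(f"[{category}] {location} = {data}")
```

On the constructed export this reports the appended Userinit entry and the HKCU Run value pointing into C:\Users\Public, and stays silent on the stock SecurityHealth entry. Against a real host, export the three keys with `reg export`, read the files as UTF-16 and pass the text to `parse_reg_export`; anything flagged should then be hashed and compared with the sample hashes listed under General.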
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
  Scheduled Task/Job (T1053): 1