General
Target: DOCRAD0404INFOPDF2024RAD001-1.rar
Size: 2.2MB
Sample: 240404-13rm5sbd6z
MD5: d262b8731d5ca9a5761d2b00e8d9011f
SHA1: d6d7d4f7c2623be8053bba0cb96cf2b5bea03a15
SHA256: f510efc6561aad00a30b24509f39f2ea7dce23d4a17059b0786f646926eefb92
SHA512: bd261c06c587811e1a47a6d77e1593a5cd4044053992048b44db77bbd921a4b949b95dcb232f921250efea4cfafb534913db3e5e930af5db63b21969bf067939
SSDEEP: 49152:U2P1FwijEzOOZJfmmZKQQa9rNlh8l53SXatOaPR:U2dCz/bYzaVNPS5CyOu
Static task: static1
Behavioral task: behavioral1
  Sample: DOCRAD0404INFOPDF2024RAD001.exe
  Resource: win7-20240221-es
Behavioral task: behavioral2
  Sample: DOCRAD0404INFOPDF2024RAD001.exe
  Resource: win10-20240404-es
Malware Config
Extracted
asyncrat
0.5.7B
MASTER01
armadnocaballerodominio.con-ip.com:4041
Cookies
delay: 3
install: false
install_file: winu32.exe
install_folder: %AppData%
Targets
Target: DOCRAD0404INFOPDF2024RAD001.exe
Size: 2.3MB
MD5: 7a3e38c1d1aa89b1ba410ea0b4fed94b
SHA1: e76e606997a59ef8e0c5a09f61d8dc698683fbbd
SHA256: b219c4089fa80f02dd5ba6b280c0a3794af9cacf7460d090f23a56fb100d558c
SHA512: 8a50c9885ff5910062fd5e2669f236364eca17256354fe843ec845e346c58dedba9dbccfd6dd58d2b5641302fff1fca67c689e2e1a2de9fd7ac21cf146150a48
SSDEEP: 49152:/iOLTDTfqd1EPVXhbY7OIRF19/z3KH9a2ewNT0IciZYp:9LTnfqIphbY6EFP/z3oa2PNT0Ici6p
Score: 10/10
Detect ZGRat V1
Adds Run key to start application
Suspicious use of SetThreadContext