General

  • Target

    a8af730b7f8a3d4ac88b733f7f0e9696.bin

  • Size

    2.3MB

  • Sample

    240408-b29pwsch9y

  • MD5

    4a44223f2378cec38ec8512a312ddf42

  • SHA1

    b65d51b7c29b3fc3c1e107e6e494ec1b734dea5f

  • SHA256

    f20dce1cc1f11ea9d3598dc4a98e3496c032e09dbce17191ccdd94e80fc940cd

  • SHA512

    a0965dafa3e1b448345fa465797c674723bb2cff55a0048b7d3c01eb7a628ef48e86459f78f7ee146eb0ed0badea19652928f9afa03d4b9c4de476566af881e4

  • SSDEEP

    49152:MFv09sJbhycpc+EvX2bM0w/oKiyD4BEoBsfPf8FkpgmzHZ+/bGB:MFv0b8cF2by7FDETacFigmdB

Malware Config

Targets

    • Target

      7447858ba629883749bfa27f7a6deb01ece420e0f4168ff1eea533d275b2e9d3.exe

    • Size

      2.3MB

    • MD5

      a8af730b7f8a3d4ac88b733f7f0e9696

    • SHA1

      f32d56c4d5af090c3946f5fe4b7ad043fc0c4853

    • SHA256

      7447858ba629883749bfa27f7a6deb01ece420e0f4168ff1eea533d275b2e9d3

    • SHA512

      91d5c2a23739dd709bc7fd7e670145816f59516efb596f8ee9a853edb61e96071bfd26086a2167ba63915204dec7308db80068d36c02e9ecc18d2b5f159e38f6

    • SSDEEP

      49152:DVzedGZNezUh7xIott9BviqD0lmSRKXF1oGbKOE8giCMZKaHe9B:xKgxIotHdiLmBXP1JDCMv6

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
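
    The behaviour signatures above are, in practice, pattern rules evaluated over the sandbox's API and registry trace. The Python below is an added illustration of that matching logic for the registry-based and debugger-hiding signatures in this report; it is not the sandbox's own rule engine. The trace format (pid, API name, normalised argument, tab-separated) and the trace lines themselves are constructed assumptions, not this sample's real execution log; the registry locations are the well-known ones each signature refers to.

```python
"""
Signature matching over a sandbox API/registry trace.

Added example, not the sandbox's own rule engine. Assumed trace format
(constructed for this illustration): one call per line, tab-separated as
    pid <TAB> api_name <TAB> argument
where 'argument' is the full normalised registry path for registry APIs
(value name appended for RegQueryValueEx) and the THREADINFOCLASS name
for NtSetInformationThread.
"""
import re
from collections import defaultdict

# signature name -> (API-name pattern, argument pattern); both case-insensitive.
# The registry locations are the well-known ones each report signature refers to.
SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values": (
        r"^RegOpenKeyEx[AW]?$",
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__$",
    ),
    "Checks BIOS information in registry": (
        r"^RegQueryValueEx[AW]?$",
        r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$",
    ),
    "Checks installed software on the system": (
        r"^Reg(OpenKeyEx|EnumKeyEx)[AW]?$",
        r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    ),
    "Checks whether UAC is enabled": (
        r"^RegQueryValueEx[AW]?$",
        r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA$",
    ),
    "Suspicious use of NtSetInformationThreadHideFromDebugger": (
        r"^NtSetInformationThread$",
        r"^ThreadHideFromDebugger$",
    ),
}
_COMPILED = {
    name: (re.compile(api_pat, re.I), re.compile(arg_pat, re.I))
    for name, (api_pat, arg_pat) in SIGNATURES.items()
}

# Constructed trace (not the sample's real execution log). The final line is a
# Run-key access that none of the signatures above should match.
TRACE = """\
2184\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__
2184\tRegQueryValueExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
2184\tRegQueryValueExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion
2184\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
2184\tRegEnumKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleApp
2184\tRegQueryValueExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
2184\tNtSetInformationThread\tThreadHideFromDebugger
2184\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
"""


def parse_trace(text):
    """Parse the tab-separated trace into (pid, api, argument) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, arg = line.split("\t", 2)
        events.append((int(pid), api, arg))
    return events


def match_signatures(events):
    """Return {signature name: [matching events]} for every signature that fired."""
    hits = defaultdict(list)
    for ev in events:
        _, api, arg = ev
        for name, (api_re, arg_re) in _COMPILED.items():
            if api_re.match(api) and arg_re.search(arg):
                hits[name].append(ev)
    return dict(hits)


def fired(text):
    """Sorted names of the signatures a trace triggers."""
    return sorted(match_signatures(parse_trace(text)))


if __name__ == "__main__":
    for name, evs in sorted(match_signatures(parse_trace(TRACE)).items()):
        print(f"{name}: {len(evs)} event(s)")
        for pid, api, arg in evs:
            print(f"    pid {pid} {api} {arg}")
```

    Running the script against the constructed trace fires all five rules and ignores the Run-key line. Note that the BIOS and Uninstall rules also trip on plenty of benign installers and inventory tools, which is why a report lists them alongside stronger indicators such as the VirtualBox ACPI keys, Themida packing and the ThreadHideFromDebugger call rather than treating any one of them as a verdict on its own.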

MITRE ATT&CK Enterprise v15

Tasks