General
Target: a8af730b7f8a3d4ac88b733f7f0e9696.bin
Size: 2.3MB
Sample: 240408-b29pwsch9y
MD5: 4a44223f2378cec38ec8512a312ddf42
SHA1: b65d51b7c29b3fc3c1e107e6e494ec1b734dea5f
SHA256: f20dce1cc1f11ea9d3598dc4a98e3496c032e09dbce17191ccdd94e80fc940cd
SHA512: a0965dafa3e1b448345fa465797c674723bb2cff55a0048b7d3c01eb7a628ef48e86459f78f7ee146eb0ed0badea19652928f9afa03d4b9c4de476566af881e4
SSDEEP: 49152:MFv09sJbhycpc+EvX2bM0w/oKiyD4BEoBsfPf8FkpgmzHZ+/bGB:MFv0b8cF2by7FDETacFigmdB
Behavioral task: behavioral1
Sample: 7447858ba629883749bfa27f7a6deb01ece420e0f4168ff1eea533d275b2e9d3.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: 7447858ba629883749bfa27f7a6deb01ece420e0f4168ff1eea533d275b2e9d3.exe
Size: 2.3MB
MD5: a8af730b7f8a3d4ac88b733f7f0e9696
SHA1: f32d56c4d5af090c3946f5fe4b7ad043fc0c4853
SHA256: 7447858ba629883749bfa27f7a6deb01ece420e0f4168ff1eea533d275b2e9d3
SHA512: 91d5c2a23739dd709bc7fd7e670145816f59516efb596f8ee9a853edb61e96071bfd26086a2167ba63915204dec7308db80068d36c02e9ecc18d2b5f159e38f6
SSDEEP: 49152:DVzedGZNezUh7xIott9BviqD0lmSRKXF1oGbKOE8giCMZKaHe9B:xKgxIotHdiLmBXP1JDCMv6
Signatures
- Detect ZGRat V1
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger