General
-
Target
9d7c3463d4a4f4390313c214c7a79042b4525ae639e151b5ec8a560b0dd5bd0a
-
Size
481KB
-
Sample
240410-p62rqsgd98
-
MD5
af9a60ea728985f492119ebf713e0716
-
SHA1
4fecd1895b6f7ff41b8b0dee700b5f194743b36a
-
SHA256
9d7c3463d4a4f4390313c214c7a79042b4525ae639e151b5ec8a560b0dd5bd0a
-
SHA512
ea30b2c32d5737e863cba1e2c15260d6127642d57266b0ff696caf5b2be7d8044fb946af84626e24492159f2404726b8ee476331596f7e54dc6540f473f9bd44
-
SSDEEP
12288:mOvYiBk/qBZ9wu0YF4bojSKFg3Up7zwbv6JtTBLzv0Qfcjejje7IfJqIksJC74Jr:VfBkG9RF4bojSKFg3Up7zwbv6JtTBLzF
Static task
static1
Behavioral task
behavioral1
Sample
9d7c3463d4a4f4390313c214c7a79042b4525ae639e151b5ec8a560b0dd5bd0a.exe
Resource
win7-20240220-en
Malware Config
Targets
-
Detect ZGRat V2
-
SaintBot payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-