General
-
Target
82d2779e90cbc9078aa70d7dc6957ff0d6d06c127701c820971c9c572ba3058e
-
Size
481KB
-
Sample
240410-pggp9sae2y
-
MD5
593ac1acb0452748340d6a5ccdb18f12
-
SHA1
2d2af604a8e4f0df9b36c047c8f9e9b0759327e9
-
SHA256
82d2779e90cbc9078aa70d7dc6957ff0d6d06c127701c820971c9c572ba3058e
-
SHA512
627af0a78c4d5463b5899f1c75bdbbc5c8a08a29567a105f83e717b9b6e425946548fda6ae64381a5353904ee3351302fe93526ddceb89fbb020ddba670ca747
-
SSDEEP
12288:V4iZfaa9BoKBN2C8JgDkvFTr5/rpn9Nw+GmFR4Z3UY+07RSWqYqh+ylE5oehqCDT:23mhBsCEyWTr5/rpn9Nw+GmFR4Z3UY+k
Static task
static1
Behavioral task
behavioral1
Sample
82d2779e90cbc9078aa70d7dc6957ff0d6d06c127701c820971c9c572ba3058e.exe
Resource
win7-20240221-en
Malware Config
Targets
-
Detect ZGRat V2
-
SaintBot payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-