General
Target: e14e63227d5b6ea60f029fc00c057c1ea929de4ff71d34c6e4dc657a73f4f01f
Size: 792KB
Sample: 240417-r81zbsed6s
MD5: e25c46a4349c06e5404e5ca910250259
SHA1: 1e0ec124c6349e71f27f8293fdc28153886dbfb1
SHA256: e14e63227d5b6ea60f029fc00c057c1ea929de4ff71d34c6e4dc657a73f4f01f
SHA512: 7f90b5b67e937a95a5924858bef9c6eb987f490ef90abb1d5cf60840f9173332aa44e93188c295441b8187908c66d2a2ffd3306e0502a5d8e64ec1d5cc2c0fa1
SSDEEP: 24576:yDYcSDjnMKNJ3zgTC1CdF11QvLbvave2CvTZgTpLXONfC9A:yEc2DHSCEdl6vF161f9A
Static task: static1
Behavioral task: behavioral1
  Sample: 36b6d1ea82820b0b1675694e3b78bd3e9de13b63e499dcc938fdac27302e57f8.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 36b6d1ea82820b0b1675694e3b78bd3e9de13b63e499dcc938fdac27302e57f8.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted
Family: darkcloud
C2: https://api.telegram.org/bot6062190835:AAFarBYBv-mQ3aLxNEnTAnblGK2thSsO8vQ/sendMessage?chat_id=1891775258
(Telegram Bot API sendMessage endpoint; the bot token and chat_id are the indicators to pivot on, since the host api.telegram.org alone is shared with legitimate traffic.)
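The extracted C2 above is only useful if it is turned into something that can be matched against telemetry. The following is an added example, not part of the sandbox report or of any Triage tooling: it parses the Telegram Bot API URL into bot id, token, method and chat_id, then runs that over a constructed proxy log (the log format and the other hosts and tokens in it are assumptions made for the example; only the DarkCloud URL itself comes from the report).

```python
"""Turn the DarkCloud Telegram C2 URL from the report into detection content.

Added example: not part of the sandbox report. The proxy-log format below is a
constructed assumption; only DARKCLOUD_C2 is taken from the report.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Copied from the "Malware Config / Extracted / darkcloud" entry of the report.
DARKCLOUD_C2 = (
    "https://api.telegram.org/bot6062190835:AAFarBYBv-mQ3aLxNEnTAnblGK2thSsO8vQ"
    "/sendMessage?chat_id=1891775258"
)

# Telegram Bot API path shape: /bot<numeric bot id>:<secret>/<method>
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$"
)


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into the pieces worth pivoting on.

    Returns None if the URL is not a Bot API call, otherwise a dict with the
    bot id, the full token, the API method and the chat_id (None if absent).
    """
    u = urlsplit(url)
    if u.scheme != "https" or u.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(u.path)
    if not m:
        return None
    chat = parse_qs(u.query).get("chat_id", [None])[0]
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": chat,
    }


# Constructed proxy log (assumed format, not from the report):
# "<timestamp> <source host> <HTTP method> <url> <status>"
SAMPLE_PROXY_LOG = """\
2024-04-17T10:02:11Z ws-0142 POST https://api.telegram.org/bot6062190835:AAFarBYBv-mQ3aLxNEnTAnblGK2thSsO8vQ/sendMessage?chat_id=1891775258 200
2024-04-17T10:03:40Z ws-0142 GET https://www.example.com/ 200
2024-04-17T10:05:02Z ws-0201 POST https://api.telegram.org/bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendDocument 200
2024-04-17T10:06:15Z ws-0333 GET https://api.telegram.org/ 403
"""


def scan_proxy_log(log_text, known_c2=DARKCLOUD_C2):
    """Return (source host, verdict, bot id) for every Telegram Bot API hit.

    'known_c2'     : the bot token matches the extracted config -> this sample.
    'telegram_bot' : any other Bot API call; weaker, but on a corporate endpoint
                     still worth triage because many stealers reuse this channel.
    Lines that are not Bot API calls (including the bare api.telegram.org root)
    are ignored.
    """
    known = parse_telegram_c2(known_c2)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        src, url = parts[1], parts[3]
        info = parse_telegram_c2(url)
        if info is None:
            continue
        verdict = "known_c2" if info["token"] == known["token"] else "telegram_bot"
        hits.append((src, verdict, info["bot_id"]))
    return hits


if __name__ == "__main__":
    print(parse_telegram_c2(DARKCLOUD_C2))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
```

Matching on the full bot token rather than on the host keeps the rule specific to this sample; the weaker "telegram_bot" verdict is there because blocking or alerting on api.telegram.org as a whole is usually not acceptable, while Bot API calls from workstations that have no business reason for them generally are.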
Targets
Target: 36b6d1ea82820b0b1675694e3b78bd3e9de13b63e499dcc938fdac27302e57f8.exe
Size: 924KB
MD5: 91d746da30c1d26be52dc2fa20041e24
SHA1: 88352a9821c7514e4a98d5feca3023f333889019
SHA256: 36b6d1ea82820b0b1675694e3b78bd3e9de13b63e499dcc938fdac27302e57f8
SHA512: edee8656aa9b359aabe3622685bc46e32056f0e67fcd2cf6f7570800ab5ae8d792aa73a695132f14cff635cd4c30a7e9e4e87cd471450d9d99073e9cad9c1068
SSDEEP: 24576:mUNz9YzLaNbzwkzvqNGuEnpTywl+fCNJ8vqb:xmLUwgvAGuEh6fCY
Score: 10/10
- Detect ZGRat V1
- Adds Run key to start application (registry Run-key persistence)
- Suspicious use of SetThreadContext (commonly seen in process hollowing / injection)