General

Target: ISetup2.exe
Size: 412KB
Sample: 240419-dtvbcafb82
MD5: db549bf7b1403909f8cc9d199c0df2ce
SHA1: a19c7a98aab63e793bec2c62dc17d0cd8e9e62a0
SHA256: 746bf7bf51a835dd5a31e5de08e37900e8c49a2b4f5dac494bd897385f21d9f4
SHA512: 6e18623990df23f9d80e1f901519e728870ef5f79ee3583e6caaf9ca107c36d893f46eb70962df9180a05043e4b510786e6a553d92e9933cb18b01ea5ce346b2
SSDEEP: 6144:te64OHLc0cFFQ4hGCAid5LQwpgJHkGNCcxAtrMMYX7XD/:TLc0cFFzwCAbdmkmMMQD/
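The hash block above is the IOC set a responder takes away from this report. As an added example, not code from the report or from the sandbox, the Python below parses the hash block (either as "Key: value" lines or in the raw extraction layout with the key on one line and the value on the next), validates the digests, and compares them with the digests of a local file. The sample bytes are constructed and are not the real ISetup2.exe; SSDEEP is only parsed, since recomputing it needs the ssdeep/ppdeep bindings, which are not in the standard library.

```python
"""Parse the hash block of the report above and check a local file against it.

Added example, not code from the report or from the sandbox: the report text
is copied from the page, the sample bytes are constructed and are NOT the real
ISetup2.exe, and SSDEEP is only parsed, since recomputing it needs the
non-standard-library ssdeep/ppdeep bindings.
"""
import hashlib
import re

# The General block of the report (values verbatim from the page).
REPORT_TEXT = """General

Target: ISetup2.exe
Size: 412KB
Sample: 240419-dtvbcafb82
MD5: db549bf7b1403909f8cc9d199c0df2ce
SHA1: a19c7a98aab63e793bec2c62dc17d0cd8e9e62a0
SHA256: 746bf7bf51a835dd5a31e5de08e37900e8c49a2b4f5dac494bd897385f21d9f4
SHA512: 6e18623990df23f9d80e1f901519e728870ef5f79ee3583e6caaf9ca107c36d893f46eb70962df9180a05043e4b510786e6a553d92e9933cb18b01ea5ce346b2
SSDEEP: 6144:te64OHLc0cFFQ4hGCAid5LQwpgJHkGNCcxAtrMMYX7XD/:TLc0cFFzwCAbdmkmMMQD/
"""

HASH_FIELDS = ("MD5", "SHA1", "SHA256", "SHA512")
KEYS = ("Target", "Size", "Sample", "SSDEEP") + HASH_FIELDS
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report(text):
    """Collect the known fields from either layout the report shows up in:
    "Key: value" on one line, or the raw extraction layout with the key on
    one line, the value on the next and "-" bullet residue in between."""
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and l != "-"]
    fields, i = {}, 0
    while i < len(lines):
        line = lines[i]
        if ": " in line:
            key, value = line.split(": ", 1)
            i += 1
        elif line in KEYS and i + 1 < len(lines):
            key, value = line, lines[i + 1]
            i += 2
        else:                      # section header such as "General"
            i += 1
            continue
        if key in KEYS:
            fields[key] = value.strip()
    return fields


def validate_hashes(fields):
    """Names of digests that are missing, wrong length or not lowercase hex:
    a mis-transcribed IOC matches nothing and silently blinds a hunt."""
    return [n for n in HASH_FIELDS
            if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[n], fields.get(n, ""))]


def digests(data):
    """The four digests the report lists, computed over raw bytes."""
    return {n: hashlib.new(n.lower(), data).hexdigest() for n in HASH_FIELDS}


def match_file(data, fields):
    """Digest names for which the bytes agree with the report.  Expect all
    four or none; a partial match means one side is tampered or mis-copied
    and deserves a look rather than an automatic verdict."""
    computed = digests(data)
    return [n for n in HASH_FIELDS if computed[n] == fields.get(n)]


# Constructed stand-in: a PE-looking prefix plus filler, not the sample.
SAMPLE = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not ISetup2.exe\n"

if __name__ == "__main__":
    fields = parse_report(REPORT_TEXT)
    print("malformed digests:", validate_hashes(fields))
    print("matching digests :", match_file(SAMPLE, fields))
```

Run it as-is and the stand-in matches nothing, which is the expected result for bytes that are not the sample; point `SAMPLE` at a real file's contents to use it as a check against this report's IOCs.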
Static task: static1
Behavioral task: behavioral1
  Sample: ISetup2.exe
  Resource: win7-20240221-en
Malware Config

Targets

Target: ISetup2.exe
Size: 412KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values in the General section above (same file).
Signatures

- Detect ZGRat V1
- Detects Arechclient2 RAT
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext

Arechclient2 and SectopRAT are two names for the same .NET RAT family, so those two hits describe one payload rather than two. SetThreadContext is flagged because it is the call process-hollowing loaders use to redirect a suspended process's thread into injected code; the report does not say which process was the target, so confirm that from the process tree before treating it as hollowing.
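The signature names above are what a behavioural sandbox derives from an API and registry trace. As an added example, not the sandbox's rule set and not code from the report, the Python below runs simplified versions of five of those signatures over a constructed trace. The rule conditions are this example's own approximations: the geofence rule assumes the country lookup reads the Nation value under Control Panel\International\Geo, the wallet rule keys on a few well-known wallet directory names, and every pid, path and URL in the trace is constructed.

```python
"""Simplified behavioural signatures run over a constructed API trace.

Added example: the rule bodies are approximations written for this page, not
the sandbox's signatures; the trace below is constructed, not captured from
ISetup2.exe.  Each rule returns evidence strings; an empty list means no hit.
"""

# Constructed trace of (pid, api, args), roughly in the order a dropper that
# geofences, downloads a PE, runs it suspended and injects into it would produce.
TRACE = [
    (1234, "RegOpenKeyExW", {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo"}),
    (1234, "RegQueryValueExW", {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo",
                                "value": "Nation"}),
    (1234, "InternetReadFile", {"url": "http://example.invalid/update.bin"}),
    (1234, "NtWriteFile", {"path": r"C:\Users\user\AppData\Local\Temp\update.exe", "magic": "MZ"}),
    (1234, "CreateProcessW", {"image": r"C:\Users\user\AppData\Local\Temp\update.exe",
                              "flags": "CREATE_SUSPENDED", "new_pid": 5678}),
    (1234, "NtSetContextThread", {"target_pid": 5678}),
    (5678, "NtOpenFile", {"path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"}),
]

# Assumed wallet locations; a real rule carries a much longer list.
WALLET_MARKERS = ("exodus", "electrum", "wallet.dat", r"ethereum\keystore")


def rule_geofence(trace):
    """Checks computer location settings: assumes the GeoID is read from the
    Nation value under Control Panel\\International\\Geo."""
    return [f"pid {pid} read {a['key']}\\{a['value']}"
            for pid, api, a in trace
            if api.startswith("RegQueryValue")
            and a.get("key", "").lower().endswith(r"international\geo")
            and a.get("value") == "Nation"]


def rule_download_pe(trace):
    """Downloads MZ/PE file: an MZ-prefixed write by a pid that did network I/O earlier."""
    hits, seen_net = [], set()
    for pid, api, a in trace:
        if api.startswith(("Internet", "WinHttp")):
            seen_net.add(pid)
        elif api == "NtWriteFile" and a.get("magic") == "MZ" and pid in seen_net:
            hits.append(f"pid {pid} wrote PE {a['path']} after network I/O")
    return hits


def rule_executes_dropped(trace):
    """Executes dropped EXE: CreateProcess on a path the same pid wrote earlier."""
    hits, dropped = [], set()
    for pid, api, a in trace:
        if api == "NtWriteFile":
            dropped.add((pid, a["path"].lower()))
        elif api == "CreateProcessW" and (pid, a["image"].lower()) in dropped:
            hits.append(f"pid {pid} started dropped file {a['image']}")
    return hits


def rule_set_thread_context(trace):
    """Suspicious use of SetThreadContext: context change on another process's thread."""
    return [f"pid {pid} set thread context in pid {a['target_pid']}"
            for pid, api, a in trace
            if api in ("NtSetContextThread", "SetThreadContext")
            and a.get("target_pid") not in (None, pid)]


def rule_wallets(trace):
    """Accesses cryptocurrency files/wallets: file opens under known wallet paths."""
    return [f"pid {pid} opened {a['path']}"
            for pid, api, a in trace
            if api in ("NtOpenFile", "NtCreateFile")
            and any(m in a["path"].lower() for m in WALLET_MARKERS)]


RULES = {
    "Checks computer location settings": rule_geofence,
    "Downloads MZ/PE file": rule_download_pe,
    "Executes dropped EXE": rule_executes_dropped,
    "Suspicious use of SetThreadContext": rule_set_thread_context,
    "Accesses cryptocurrency files/wallets": rule_wallets,
}


def run_signatures(trace):
    """Map signature name -> evidence for every rule that fired."""
    report = {}
    for name, rule in RULES.items():
        hits = rule(trace)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in run_signatures(TRACE).items():
        print(name)
        for h in hits:
            print("   ", h)
```

The ordering checks matter: a PE write only counts as a download if the same pid touched the network first, and a process start only counts as "dropped EXE" if that pid wrote the image beforehand, which is what keeps benign installers that merely spawn existing binaries out of the hit list.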