General
- Target: ceafa670663d1a72d7c6914d0c0f9cb75b64eb3ddaa874265da17e8911e035c8
- Size: 452KB
- Sample: 240419-fdmyfahb93
- MD5: 0e8c36de609e9f14fa5e252bf1ea50fc
- SHA1: 0df4f278f5a46de8731e28da183db9fb09e9e107
- SHA256: ceafa670663d1a72d7c6914d0c0f9cb75b64eb3ddaa874265da17e8911e035c8
- SHA512: 29ed696d3750b0382dd56105593083c2e7bd899934300aad14c23a2272cf47b1402a1831b5ed63ec2a7dd76d88207996df420f6e8b3818efbcaed75ae9296781
- SSDEEP: 12288:OYjr6I3yAhgYF24G17ITsVqpmPAUdXIma:OqM4G1ka2Umma
Static task: static1
Behavioral task: behavioral1
Sample: ceafa670663d1a72d7c6914d0c0f9cb75b64eb3ddaa874265da17e8911e035c8.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
- Target: ceafa670663d1a72d7c6914d0c0f9cb75b64eb3ddaa874265da17e8911e035c8
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext