General
-
Target
HSY#41YAS_38A92D4D_3SH72AHD_38A92N_AOKC3928.exe
-
Size
279KB
-
Sample
240419-k56l3sde27
-
MD5
9c1be0ced582f3668473504b88e48cd8
-
SHA1
1b314d7c3883fd6694e378228cf6f55a8037cbb4
-
SHA256
154ec6d918a0ab2013142569ccea54cc00094e762a2e07a2d74a3c999c45737c
-
SHA512
f1e160443240a1cd7c3bd34313a1538e0f7ab52c11a96780081dee6258b53f4d783090e6d8ed6b0a42b491e714ab8b8757e12a87000ca8b3ce6158418a0ca06b
-
SSDEEP
6144:54E6JRqVYtRqQuMXfbHbfWOv7NnKlPkF7u5WNCmMcNeh/9LXEHP:54EVURlrf7vFCP1+Neh/JUv
Static task
static1
Behavioral task
behavioral1
Sample
HSY#41YAS_38A92D4D_3SH72AHD_38A92N_AOKC3928.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
HSY#41YAS_38A92D4D_3SH72AHD_38A92N_AOKC3928.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
HSY#41YAS_38A92D4D_3SH72AHD_38A92N_AOKC3928.exe
-
Size
279KB
-
MD5
9c1be0ced582f3668473504b88e48cd8
-
SHA1
1b314d7c3883fd6694e378228cf6f55a8037cbb4
-
SHA256
154ec6d918a0ab2013142569ccea54cc00094e762a2e07a2d74a3c999c45737c
-
SHA512
f1e160443240a1cd7c3bd34313a1538e0f7ab52c11a96780081dee6258b53f4d783090e6d8ed6b0a42b491e714ab8b8757e12a87000ca8b3ce6158418a0ca06b
-
SSDEEP
6144:54E6JRqVYtRqQuMXfbHbfWOv7NnKlPkF7u5WNCmMcNeh/9LXEHP:54EVURlrf7vFCP1+Neh/JUv
-
Detect ZGRat V1
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
d968cb2b98b83c03a9f02dd9b8df97dc
-
SHA1
d784c9b7a92dce58a5038beb62a48ff509e166a0
-
SHA256
a4ec98011ef99e595912718c1a1bf1aa67bfc2192575729d42f559d01f67b95c
-
SHA512
2ee41dc68f329a1519a8073ece7d746c9f3bf45d8ef3b915deb376af37e26074134af5f83c8af0fe0ab227f0d1acca9f37e5ca7ae37c46c3bcc0331fe5e2b97e
-
SSDEEP
192:CVA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6w79Mw:CrR7SrtTv53tdtTgwF4SQbGPX36wJMw
Score3/10 -
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1