Resubmissions

19-04-2024 21:21

240419-z7nllsgf5v 10

19-04-2024 21:20

240419-z64lfafh53 7

19-04-2024 21:18

240419-z5j6eage8t 10

19-04-2024 21:13

240419-z23hksfg44 10

19-04-2024 16:55

240419-vfky7aag3z 10

General

  • Target

    fac057dc68332d738eada5babfaceb5c_JaffaCakes118

  • Size

    12.0MB

  • Sample

    240419-z5j6eage8t

  • MD5

    fac057dc68332d738eada5babfaceb5c

  • SHA1

    62123e334ab33ad09d31ecd8044a2db068ba5d92

  • SHA256

    ace697594ead47b6fe0d90fbf49988c2e082b11d0013620c2501a1759faef881

  • SHA512

    837b6203a22170bb7674f82a7b8b2cdfe35a948b2c0b8a1eef9f24ca156af29a91d294e183a4d69f3679d13c966b363cb1b2a22ceed8d3f8e4ef9c7fcf4e679e

  • SSDEEP

    196608:1YU+OqmD5Gi/hK6yZGDiztWxJjFMTfC3zvN4EG19DS5B49pIQuh8KJVlGJT9u/dZ:1YQqmD566y44Cj2A3ogqxtyHT/C8WVDw

Targets

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
