General
Target: 05488f673ffd2063badad75aaa0f7d83.exe
Size: 3.5MB
Sample: 240420-d5xwlsgb7t
MD5: 05488f673ffd2063badad75aaa0f7d83
SHA1: 15d293a62da1a91cd85fa617c49ec37457ed5c2b
SHA256: d3fdc737b6c67b92e239b72492106972d4d599fb0b6aa83e0b5de1cba771c3ad
SHA512: 37708b31c9228394b92478f5faded17cdf1f5f21e01cb7bacc4eb9120e125f9edd49a7c7bfa0599e796eabe3678049c1ecade6b3f2ed313df8ceb251fa0715ee
SSDEEP: 49152:d1ulnlc/xDeUV383YfuoZpLuqBtk1EjPj4xyJ+JgM2wKwK4CiQvCyBQU00:d1ul2pSnYWoTyqI6E4AKuBKjJQUz
Behavioral task: behavioral1
Sample: 05488f673ffd2063badad75aaa0f7d83.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 05488f673ffd2063badad75aaa0f7d83.exe
Resource: win10v2004-20240412-en
Malware Config
Targets: 05488f673ffd2063badad75aaa0f7d83.exe (3.5MB; same file and hashes as listed under General)
Score: 10/10

- Detect ZGRat V1
- Modifies WinLogon for persistence
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Scheduled Task/Job (1)