General
-
Target
840655d106143b4bdaef614022b43d2627db026e013b14bffee3e7d5efcb1054
-
Size
476KB
-
Sample
240424-3xc9nsbh3s
-
MD5
7e96921cd827a9fb6ccf08238422aa51
-
SHA1
db02dd72c96efffd83e4dbda2390dd0a28df66fa
-
SHA256
840655d106143b4bdaef614022b43d2627db026e013b14bffee3e7d5efcb1054
-
SHA512
1932fa7243bd8ad02d13fe6cd0bfd9a0e724c38f977909b4ebffda14fa98c2d1a26cb75166ef3206f95abf08f3356a519ec7252f84a23c9feea52c51e163652f
-
SSDEEP
6144:7hW0aGa2aE6wcZKKVv+YRoRH/XQ3zpKYyusjUNV8NI1izEoUdsTu4hsaKqbICP:7h9aGhQ/7pVR6fXKlCu3vgQizK64oECP
Static task
static1
Behavioral task
behavioral1
Sample
840655d106143b4bdaef614022b43d2627db026e013b14bffee3e7d5efcb1054.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
840655d106143b4bdaef614022b43d2627db026e013b14bffee3e7d5efcb1054
-
Detect ZGRat V1
-
SectopRAT payload
-
Detects encrypted or obfuscated .NET executables
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-