General
-
Target
892d1bd5b0c5dc59d8581b50352c061e2874bbfb819812a1a12439cfe504bc68
-
Size
395KB
-
Sample
240425-21h4nagb4t
-
MD5
a8f2c2dc53f8bd76ed060fa37cb9319f
-
SHA1
ba9fd09bc26a1912eb16f3413165f3c0c88c83cb
-
SHA256
892d1bd5b0c5dc59d8581b50352c061e2874bbfb819812a1a12439cfe504bc68
-
SHA512
168fc2c0a62669417c6e937f997ffbb5a8b447c52400e168821e5dab296b0af98c618c1ad451161d3dcce68cd798e0d5baa15dcdb50fce56cf2785b385bb1d50
-
SSDEEP
6144:wfvZZIElv79VasTMGa6tc4F4LiHOWfBmu+rbCmkLiCjj8/UXewVljd1:wPIER79VFXawc4DaDPCmAiz/UXzR1
Static task
static1
Behavioral task
behavioral1
Sample
892d1bd5b0c5dc59d8581b50352c061e2874bbfb819812a1a12439cfe504bc68.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Target
892d1bd5b0c5dc59d8581b50352c061e2874bbfb819812a1a12439cfe504bc68
-
Detect ZGRat V1
-
SectopRAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-