General
Target: 019d1fcf6f6d53bc9fc12308edd7ee0bd45c2aa78fcf544699304e54e92d6cdc
Size: 395KB
Sample: 240425-2zsayagb49
MD5: 717a249e3a388cd338bc9ad2c725d7ef
SHA1: cce489562285eb3abdcf3090cf5068332a1e8fb4
SHA256: 019d1fcf6f6d53bc9fc12308edd7ee0bd45c2aa78fcf544699304e54e92d6cdc
SHA512: 6031b1580e3ab46d8c2e245a642c0b6c464919b76ef648ff8b7242d3bb34d6d7b4a88e6fd6b0f85d22d755c0124940c3472bdabc7472a1ff30c83f2997466a03
SSDEEP: 6144:wfvZZIElv79VasTMGa6tc4F4LiHOWfBmu+rbCmkLiCjj8/UXewVljd4:wPIER79VFXawc4DaDPCmAiz/UXzR4
Static task: static1
Behavioral task: behavioral1
Sample: 019d1fcf6f6d53bc9fc12308edd7ee0bd45c2aa78fcf544699304e54e92d6cdc.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext