General
-
Target
ba2b4f9838a8552084f73dbf313ecc2ce229149d37102888d46c6bd83dc86612
-
Size
395KB
-
Sample
240425-3vqrzsgd22
-
MD5
8913a1b91d8ea62c00be520d1f15203a
-
SHA1
d3f32b92c23130967f4072bd1e0787bf98e9ff16
-
SHA256
ba2b4f9838a8552084f73dbf313ecc2ce229149d37102888d46c6bd83dc86612
-
SHA512
37b13153c125a78c42fb108bbbddd89c207190663f72b880806843490695b8242db16ccb681dceff501ab66b9bd67eefd9d52a6022da14ad1f98cf2fabe1c0d9
-
SSDEEP
6144:bDT/bT/y5pUYwa0tjXZfSFZtKn+iW9c5BGIpuluXyCAmIC1rPP:bHf/KpmaKQAJ5BQsCqtxP
Static task
static1
Behavioral task
behavioral1
Sample
ba2b4f9838a8552084f73dbf313ecc2ce229149d37102888d46c6bd83dc86612.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Detect ZGRat V1
-
SectopRAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-