General
Target: 0d28c308c7d3af1f50a24cd98d59adbe.bin
Size: 2.0MB
Sample: 240425-bdc11scf2x
MD5: a686ae5fb7cd2a0877ec0f92c12061bd
SHA1: 7dd4bbcbb1d5fd312d8f73cef06b4f0c347a845e
SHA256: c07294aa99fe30f42148639dc0507a724ae3593df186efa7652f08966aafa64b
SHA512: 8f2d94fe0f360e71fbcfa206d012aef3ebcfc42a6003922053211688ed1179d04ed049c5e00ab7f2c5211cc9ee27da627b9ae2a81c3cd2c796b6fe5824e40c00
SSDEEP: 49152:fbdTdEtd4bbrDCSyQYPeX84MeqKX7sGCgTRG:DVdKdAvyg0KX7sGr9G
Static task: static1
Behavioral task: behavioral1
Sample: f917cbb00490f27691097081db77cc38d0f776d374b2fbd40e4b592eeef578be.exe
Resource: win7-20231129-en
Malware Config

Targets
Target: f917cbb00490f27691097081db77cc38d0f776d374b2fbd40e4b592eeef578be.exe
Size: 3.9MB
MD5: 0d28c308c7d3af1f50a24cd98d59adbe
SHA1: 617eb940a77fffe2e8363f9a11430ebb56b4c988
SHA256: f917cbb00490f27691097081db77cc38d0f776d374b2fbd40e4b592eeef578be
SHA512: d71da6edef67bc977ac8564f75cc0e8cdd31c0a9b37253017122f522c4d2f1ece5d8a56642dab40e3d8651ad1d1233ba0a27f78a536ddf897ddd392dbebb5ae8
SSDEEP: 49152:/YQ9p/TMILu3UAJvYIJ7PBJw47zI8gFEtYnEZhNa+uOTapp5pP7eoi:DpgQEZPPT4Yj
- Detect ZGRat V1
- Looks for VirtualBox Guest Additions in registry
- XMRig Miner payload
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (6)
- Virtualization/Sandbox Evasion (2)