General
Target: ISetup5.exe
Size: 405KB
Sample: 240425-c96hwaec3v
MD5: b7fd7c85753b04c6810386bd2e7a9fd1
SHA1: 18ef95885240bfb8904cb3401f86188ca4f9ef85
SHA256: dc587a9ed463a0a34ce6a2970152679be7e271562ebadbcceadc3a60c6727b5d
SHA512: c503fe696a9cc44819dc9994911d689cb18e68705c1f387c0fce5ac143aa829ad0a5e0f04c6b181179e4da558f7a799bab4bc83a36c85185cc99ef7a0962a8f2
SSDEEP: 6144:6lvgNss1kOj6Ljn7bgDKzgH3SYfmwdG2mFdEL4tOJDsJ:6lvgmaeH4KzgXxfFGDdELuOJDsJ
Static task: static1
Behavioral task: behavioral1
Sample: ISetup5.exe
Resource: win7-20240220-en
Malware Config
Targets
Target: ISetup5.exe
Size: 405KB
MD5: b7fd7c85753b04c6810386bd2e7a9fd1
SHA1: 18ef95885240bfb8904cb3401f86188ca4f9ef85
SHA256: dc587a9ed463a0a34ce6a2970152679be7e271562ebadbcceadc3a60c6727b5d
SHA512: c503fe696a9cc44819dc9994911d689cb18e68705c1f387c0fce5ac143aa829ad0a5e0f04c6b181179e4da558f7a799bab4bc83a36c85185cc99ef7a0962a8f2
SSDEEP: 6144:6lvgNss1kOj6Ljn7bgDKzgH3SYfmwdG2mFdEL4tOJDsJ:6lvgmaeH4KzgXxfFGDdELuOJDsJ
- Detect ZGRat V1
- Detects Arechclient2 RAT (Arechclient2)
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext