General
Target: dcf22da8ea10781b56794a28ec64503e41bb32648ab56e9d6a86040eb3bbaf15
Size: 406KB
Sample: 240425-ev5zxafc5v
MD5: 12825ab5c0692e852c2c3907f85dd143
SHA1: 91b44cf5a49cb87471b25e1ecf7273a8d72e058a
SHA256: dcf22da8ea10781b56794a28ec64503e41bb32648ab56e9d6a86040eb3bbaf15
SHA512: c2f38703c968bb2119a3e0a58393494ca43c3c4719b1cf76440c3850e95404bd22bf092e0c2ecd55765c46ef816124557448f42e581d5799a1dc84d1b4e6bd1c
SSDEEP: 6144:ZAuhQxtgcHEOgazi/NtXZ8mzVoq/6Jj4M2T1sRg9ivUUfFURO6dEL4tOKrY:ZAuhQTg22NzVoPSMSsRkUfu/dELuOKrY
Static task: static1
Behavioral task: behavioral1
Sample: dcf22da8ea10781b56794a28ec64503e41bb32648ab56e9d6a86040eb3bbaf15.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext