General
-
Target
e7ab6f2ee589ec570d7dd0be1eaf902bfcdd19e387fa15fe7f52575ee71258ad
-
Size
406KB
-
Sample
240425-exlztafb35
-
MD5
81ee2175e873d73c57134a68572c8173
-
SHA1
a64810aae620c47dc84ca2fbf8c886b99b8832fc
-
SHA256
e7ab6f2ee589ec570d7dd0be1eaf902bfcdd19e387fa15fe7f52575ee71258ad
-
SHA512
0937f915ae69d14012cdb31fe1d5905095b0236beeece60fc5bda6b5738b8b349852289cd4ac00f6d46ae825535e3146677ae01f971b99a592d5f68df3647d1c
-
SSDEEP
6144:ZAuhQxtgcHEOgazi/NtXZ8mzVoq/6Jj4M2T1sRg9ivUUfFURO6dEL4tOKrd:ZAuhQTg22NzVoPSMSsRkUfu/dELuOKrd
Static task
static1
Behavioral task
behavioral1
Sample
e7ab6f2ee589ec570d7dd0be1eaf902bfcdd19e387fa15fe7f52575ee71258ad.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Detect ZGRat V1
-
SectopRAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-