General
-
Target
d80b81d4a3a0f965adbcb1ea21761d8d6a30488cbe85fd21ae6de5aef0bc1af1
-
Size
395KB
-
Sample
240426-al5kkagd5s
-
MD5
08637606df32a5b722f0dce222403dc2
-
SHA1
c976c59baaa07e683f38d6ed29d9b2721682cab4
-
SHA256
d80b81d4a3a0f965adbcb1ea21761d8d6a30488cbe85fd21ae6de5aef0bc1af1
-
SHA512
4e0541ead8b039c1b52f7007962634303d2e762d03e47c29cea4566c48ec117e10263a900fc598664bb9a2e7ad09835d109a2bec7b0611b7ef332c59f21623c2
-
SSDEEP
6144:P29OmUzW8qsGKCjyUeQ3KSJJHr1kWhr12uKej6RCM+8RPK:P2R67JCeU13K8JH1ZFKej/81K
Static task
static1
Behavioral task
behavioral1
Sample
d80b81d4a3a0f965adbcb1ea21761d8d6a30488cbe85fd21ae6de5aef0bc1af1.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Target
d80b81d4a3a0f965adbcb1ea21761d8d6a30488cbe85fd21ae6de5aef0bc1af1
-
Detect ZGRat V1
-
SectopRAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-