General
Target: dedc15a14da607a8c993e869ab600a5be154e1853c45e0493727244e627cb2a9.exe
Size: 2.2MB
Sample: 240426-b1992aha41
MD5: 2ad3527444357f19cd120fa1b8bd2f23
SHA1: ac986ab9967bc084565ed13aa9434eafcc6d4752
SHA256: dedc15a14da607a8c993e869ab600a5be154e1853c45e0493727244e627cb2a9
SHA512: c4d0f3f1bc2c18d85454354c9c16484e948554a97676be16b05cfe82fbd2574c5b5b492ce386831996414adce54a5b04ac28b6be8594c880184eb24ae9ba2f42
SSDEEP: 49152:HJ0TBxevspc1iFJsFhyDIIXoWNRsD10/x5X3lJmRkh:Hieva/FYOIIXo1DS/7FJ2
Static task: static1
Behavioral task: behavioral1
  Sample: dedc15a14da607a8c993e869ab600a5be154e1853c45e0493727244e627cb2a9.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: dedc15a14da607a8c993e869ab600a5be154e1853c45e0493727244e627cb2a9.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.8
Botnet: Default
C2:
  tomx.brasilia.me:6606
  tomx.brasilia.me:7707
  tomx.brasilia.me:8808
  91.92.253.249:6606
  91.92.253.249:7707
  91.92.253.249:8808
Mutex: vWKJAJDsDf09
Attributes:
  delay: 3
  install: false
  install_folder: %AppData%
Targets
Target: dedc15a14da607a8c993e869ab600a5be154e1853c45e0493727244e627cb2a9.exe
Score: 10/10
- Detect ZGRat V1
- Detects file containing reversed ASEP Autorun registry keys
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext