General
-
Target
F120BA47FC16392DF01B1E947C7BD6D9.exe
-
Size
5.7MB
-
Sample
240428-cl9wdsec7t
-
MD5
f120ba47fc16392df01b1e947c7bd6d9
-
SHA1
4bf7e0d57c6aab657a2f93d7c66670b4d0d0ca21
-
SHA256
afa08d81487ba3c82f2b672aa340d78f7841090804de82846e3c6ec5244f239c
-
SHA512
f7ee529db6aca5525626b74cbe2eacc6871f58e6c41742c4d47cbf61ba6a7dc74d828b3b0f039a234f5560e8f53348104e6f182cf61656775f00d73769a9cdb6
-
SSDEEP
24576:J5BM3YIzE0+l8T8/7Vzy8/PoUNjmo59k1UWAaL511wElDeQpx1K:J5BWt8j9hdvKDfucz
Malware Config
Targets
-
-
Target
F120BA47FC16392DF01B1E947C7BD6D9.exe
-
Size
5.7MB
-
MD5
f120ba47fc16392df01b1e947c7bd6d9
-
SHA1
4bf7e0d57c6aab657a2f93d7c66670b4d0d0ca21
-
SHA256
afa08d81487ba3c82f2b672aa340d78f7841090804de82846e3c6ec5244f239c
-
SHA512
f7ee529db6aca5525626b74cbe2eacc6871f58e6c41742c4d47cbf61ba6a7dc74d828b3b0f039a234f5560e8f53348104e6f182cf61656775f00d73769a9cdb6
-
SSDEEP
24576:J5BM3YIzE0+l8T8/7Vzy8/PoUNjmo59k1UWAaL511wElDeQpx1K:J5BWt8j9hdvKDfucz
Score10/10-
Detect ZGRat V1
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-