General
-
Target
clik.exe
-
Size
14.1MB
-
Sample
240430-rq7zxsaf55
-
MD5
a2db986f46fc915b6b9b65d0d8b2c92f
-
SHA1
2aca2a24c33ea49c99365438cf4eee6c42fa73ed
-
SHA256
53bcea75646e0a3ff08fea4990c0e3458eb5b518bfdd907444485499803ba25d
-
SHA512
3e7346aba18a18c0e2fcb57baf2822cca67da175c8b7dfd675b1b5cd78092051e7443eac156a954297c16623f9c74cad4347ef015682282bec57fb056435652d
-
SSDEEP
393216:PXIJM3GodH2ThNzd4VQpier42zXfDmITsttRugNId:fUuozdshA4iXf/iuFd
Static task
static1
Behavioral task
behavioral1
Sample
clik.exe
Resource
win10-20240404-en
Malware Config
Extracted
meduza
109.107.181.83
Targets
-
-
Target
clik.exe
-
Size
14.1MB
-
MD5
a2db986f46fc915b6b9b65d0d8b2c92f
-
SHA1
2aca2a24c33ea49c99365438cf4eee6c42fa73ed
-
SHA256
53bcea75646e0a3ff08fea4990c0e3458eb5b518bfdd907444485499803ba25d
-
SHA512
3e7346aba18a18c0e2fcb57baf2822cca67da175c8b7dfd675b1b5cd78092051e7443eac156a954297c16623f9c74cad4347ef015682282bec57fb056435652d
-
SSDEEP
393216:PXIJM3GodH2ThNzd4VQpier42zXfDmITsttRugNId:fUuozdshA4iXf/iuFd
Score10/10-
Detect ZGRat V1
-
Meduza Stealer payload
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-