General

  • Target

    IPlookup.exe

  • Size

    7.4MB

  • Sample

    240503-2fzkxaba26

  • MD5

    58d61b76f78353094bf4088451d199aa

  • SHA1

    4481213bd99fa5dd8a53a6f71ab8883091dbb639

  • SHA256

    c54def823ce80606fdc5712fa9d5dfc4aca7ef808bf6b28668c7c73248d4bbfb

  • SHA512

    e36604981fda20a06ff647cba2e750e6182c0a52eaad7266f44f7f391094841ba844b94ac851957d2203ec54b5fc89d6865f22d829511b9927c57d4f1296e6da

  • SSDEEP

    196608:hJrzUtnLdNERjB6yM+KriWRMCTktEIoAOm:LrzUJR6pBRqrikktWA/

Score
10/10

Malware Config

Targets

    • Target

      IPlookup.exe

    Score
    10/10
    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      stub-o.pyc

    • Size

      74KB

    • MD5

      5fb03b19062e84186da7cc0fbe5a200f

    • SHA1

      b5e91226f94e769578e025383cccc338c571e326

    • SHA256

      c2ddeb4703d9ff08678403ef4f7887f366a40f7280f7b6cc809e7af0453c9ee0

    • SHA512

      2cd82d37c0b88a0d287c4f8aa45e3b045008a3b64f42946fc43dfa43625e2155764c82962870bf7d891d8f66496667d23e766bb2ef3af8413c241cb5b9cf21e1

    • SSDEEP

      1536:EskXjjs103YkbECu5TyEP6s6zojuE/fOvlQey0JzwTWfhAjw9QV:Es6sXkMgvMjuAfqlQChwpjwKV

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks