General

  • Target

    d4a600901a6a14b13b019b17a2101aba.bin

  • Size

    2.6MB

  • Sample

    240503-b4l2lsea69

  • MD5

    5c5a4b6faff61a4582e26a4cbec431a8

  • SHA1

    f71a77c117e7390ed7e502f510f7ec73faf36a0b

  • SHA256

    7a03610f513776539f328030a72118e842cbaa46769905bcfe669f9f5d3590e6

  • SHA512

    098a502d182b4b3d65723c0652b4f86c4f411f5ed4c2d12d7430b7df53d72a607a7cc270a99bbb320a15a6083c1660f9da97fc07f368191ac5b85d2c93de363b

  • SSDEEP

    49152:5+VDDx7Ket4Z4HHkCBEI8k3ypnA8qOTlbBfvYS/CMsJrQS3pt2T:5hM46HTCsj8f35/IU

Score
10/10

Targets

    • Target

      c35426dfbfbf28bf2f408ed265f1a248d45c27d439f1b913fd7d4da299c284b9.exe

    • Size

      3.7MB

    • MD5

      d4a600901a6a14b13b019b17a2101aba

    • SHA1

      bcbb3a94fc0c8560580f32130f6f10e535ae205c

    • SHA256

      c35426dfbfbf28bf2f408ed265f1a248d45c27d439f1b913fd7d4da299c284b9

    • SHA512

      99b2573580b90eaf190818fad8310365c508468cbaebe197860ad8e037e72f604784e157245fc20413956fa6c55bf4643e3ebf279190324fb3eea7c7ad59091f

    • SSDEEP

      49152:a2C+Jdpu3bzRoFQBHHTRdGwdTNA3qENNLZsDlZbMSlraAyuO0Bm2rZKHt:

    Score
    10/10
    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
