General

  • Target

    87c06023a062f0ae515fb03014748a0b51d5e8011f573073224728c6c942b89e.exe

  • Size

    409KB

  • Sample

    240503-b8wrlsec23

  • MD5

    06c758c576de9e18db3394f1044b27ae

  • SHA1

    083fd8b33d74e8b52e3847709b086166ba9d2eca

  • SHA256

    87c06023a062f0ae515fb03014748a0b51d5e8011f573073224728c6c942b89e

  • SHA512

    11b2941e01fc7e9eeb41a5975ac4d7917b594c53407ef8f849789cbd3586cebe3aaaab7b65a5cc6b5041f7841d43e4c5310acd083ec3de3676f2178011e2deae

  • SSDEEP

    6144:3fL+oq6TOjuB6K15Xlh+bPZdc2zrnFZY528PgBY+lxEe4ShVnZbXMQ3se:3fLD9B6UxlEPZ6KTLY8XEe4knZbX/3H

Malware Config

Targets

    • Target

      87c06023a062f0ae515fb03014748a0b51d5e8011f573073224728c6c942b89e.exe

    • Size

      409KB

    • MD5

      06c758c576de9e18db3394f1044b27ae

    • SHA1

      083fd8b33d74e8b52e3847709b086166ba9d2eca

    • SHA256

      87c06023a062f0ae515fb03014748a0b51d5e8011f573073224728c6c942b89e

    • SHA512

      11b2941e01fc7e9eeb41a5975ac4d7917b594c53407ef8f849789cbd3586cebe3aaaab7b65a5cc6b5041f7841d43e4c5310acd083ec3de3676f2178011e2deae

    • SSDEEP

      6144:3fL+oq6TOjuB6K15Xlh+bPZdc2zrnFZY528PgBY+lxEe4ShVnZbXMQ3se:3fLD9B6UxlEPZ6KTLY8XEe4knZbX/3H

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials and session cookies.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      ⠨/start.vbs

    • Size

      173B

    • MD5

      2fd98bad7e3e521d8a67acfa4a681a86

    • SHA1

      545fd01deb3a8cc9f605aa33ea2b060e9b904c5b

    • SHA256

      aa1ed4fef63aad3ca2461ab76ab18890bffb7554100bee65dd7665b213c25706

    • SHA512

      3aafad51333b06e31d4c6965f1b2d81f4e7d5ebd7334bec2ebbe648930154dfc34848d96a4cd27a43e3d709a0b4a24eb3d3bf77d91c10733975f9e95a24f44c8

    • Score

      1/10

    • Target

      ⠨/temp.bat

    • Size

      381KB

    • MD5

      487351746395290271a9ef2025dd712e

    • SHA1

      53a70601117c9262ea5ba9f83b409278ec3af9cb

    • SHA256

      0012252b4890df66253e626518e2efe59900652e7dae02cb30bb7f4293d2e40e

    • SHA512

      d3820aea69d5a2357ce43dc1a6bb7218ef4754eb86699f668155b9fddfc499fe8e819141bab51c476a71ab4d7b0c5524bf0b5d745042461729d9c2e79afd522e

    • SSDEEP

      6144:ETT1aNvFdwOo6v5OfHPwaLm86CSVcTSbG8q+n/+EJVLdQHgJKU3:saLfo6xOfHFLWC3T/8rn/+qZQHgJKs

    • Score

      1/10
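As an added example, not part of the sandbox report, the Python below maps registry, file and API events onto the behaviour names listed for the main executable above (location check, installed-software enumeration, browser profile reads, wallet access, SetThreadContext). The telemetry is constructed for the example, and the registry values and file paths each rule keys on are assumptions about what such signatures look for, not data taken from this report.

```python
"""Map sandbox-style telemetry onto the behaviour names this report lists.

Constructed example; the events below are not from the report. The registry
values and file paths each rule keys on are assumptions about what the named
signatures look for, chosen from well-known locations.
"""
import re
from collections import defaultdict

# Behaviour name (as printed in the report) -> (event kinds it applies to, path pattern).
# Patterns describe Windows paths, so backslashes are doubled inside the regex.
RULES = {
    "Checks computer location settings": (
        {"reg_query", "reg_enum"},
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    ),
    "Checks installed software on the system": (
        {"reg_query", "reg_enum"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
    ),
    "Reads user/profile data of web browsers": (
        {"file_read"},
        re.compile(
            r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\.*"
            r"\\(Login Data|Cookies|Web Data|History)$"
            r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
            re.I,
        ),
    ),
    "Accesses cryptocurrency files/wallets, possible credential harvesting": (
        {"file_read"},
        re.compile(r"\\(Exodus|Electrum|Ethereum|Armory|Atomic|Coinomi|Jaxx)\\|wallet\.dat$", re.I),
    ),
    "Suspicious use of SetThreadContext": (
        {"api_call"},
        re.compile(r"^SetThreadContext\b"),
    ),
}

# Constructed telemetry: (event kind, target). Loosely modelled on Sysmon registry/file
# events plus an API-monitor line; the victim profile and handle values are made up.
EVENTS = [
    ("reg_query", r"HKCU\Control Panel\International\Geo\Nation"),
    ("reg_enum", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("reg_enum", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0001}"),
    ("file_read", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_read", r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"),
    ("file_read", r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ("file_read", r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"),
    ("api_call", "SetThreadContext(hThread=0x1a4)"),
    ("file_read", r"C:\Windows\System32\drivers\etc\hosts"),  # benign noise, should not match
    ("reg_query", r"HKCU\Control Panel\International\LocaleName"),  # locale, not geo: no match
]


def classify(events):
    """Return {behaviour name: [matching targets]} for every rule that fired at least once."""
    hits = defaultdict(list)
    for kind, target in events:
        for name, (kinds, pattern) in RULES.items():
            if kind in kinds and pattern.search(target):
                hits[name].append(target)
    return dict(hits)


def unmatched(events):
    """Events no rule explains; shows what this signature set is silent on."""
    return [
        (kind, target)
        for kind, target in events
        if not any(kind in kinds and pattern.search(target) for kinds, pattern in RULES.values())
    ]


def harvesting_profile(hits):
    """True when injection (SetThreadContext) co-occurs with at least one data-access
    behaviour. A rough triage heuristic for this example, not the sandbox's own scoring."""
    data_access = {
        "Reads user/profile data of web browsers",
        "Accesses cryptocurrency files/wallets, possible credential harvesting",
    }
    return "Suspicious use of SetThreadContext" in hits and bool(set(hits) & data_access)


if __name__ == "__main__":
    found = classify(EVENTS)
    for name, targets in found.items():
        print(f"• {name}")
        for t in targets:
            print(f"    {t}")
    print("harvesting profile:", harvesting_profile(found))
    print("unexplained:", unmatched(EVENTS))
```

The rules deliberately key on concrete value and file names rather than on parent keys alone, so a locale lookup next to the geo value, or a read of an unrelated file under AppData, does not fire; the `unmatched` list is where to look when a sample's real telemetry does something the signature set does not name.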

MITRE ATT&CK Enterprise v15

Tasks