General
Target: 0137f4f30e2a209a4c724fb24d30053e.bin
Size: 5.1MB
Sample: 240503-bcnfcsda53
MD5: d0599df3f38b3ccb779e8d499cdc9f52
SHA1: 363f92d9daef402257136f2e0b7fe9d567187d6d
SHA256: 06b72f8a6cc5f369e9b2aed8ccdf9508df76847d3d1db8d60f9e117965a2d9a0
SHA512: 4331c84d5df668cb1a0b4f50d45927f69bf920b20c2b7d1c3e7e655bad07418403538fd91419e3d01198ad496ec60333db8dc7b10cbbe6e4df124c434c0d0c63
SSDEEP: 98304:3NWhtCz/gt3mk2xY7jIM3bbMd0sqEIY29h1W3ozhzI87TQisXfsA1UXmK:302A2jxAj5LbMdlq2U1TW8HQjLUXmK
Static task: static1
Behavioral task: behavioral1
Sample: 9196c33d47bc1528ea02d002a5d36c7cdde619d8f0530a7508e06ca58b742bc0.exe
Resource: win7-20240221-en
Malware Config

Targets

Target: 9196c33d47bc1528ea02d002a5d36c7cdde619d8f0530a7508e06ca58b742bc0.exe
Size: 5.5MB
MD5: 0137f4f30e2a209a4c724fb24d30053e (the submitted file 0137f4f30e2a209a4c724fb24d30053e.bin is named after this MD5)
SHA1: 02a53be826023dfde1d3a23417f28f2b1f2ed0ba
SHA256: 9196c33d47bc1528ea02d002a5d36c7cdde619d8f0530a7508e06ca58b742bc0
SHA512: 8b111420ca219afa75315cae6ab2318812a08c76bed328d7688947c5a79c710989d93bab3bdeeb62e45bf7d1d8e12680372fa199096ca5ffcaa27dbc9a14ae1b
SSDEEP: 98304:ihENTkgdAHO1XvXs0Vaw/Q4fXuEXBv6xuDKf1xkA/YwrLfDmt11yXZB7/:hf2HOZx8cBvq3RnzmtjyXZF/
Signatures

Detect ZGRat V1

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the dropped components are not scanned.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check (run or abort depending on the victim's locale).

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the usual way injected or hollowed code is given control, so this is an injection indicator rather than normal application behaviour.
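The "Command and Scripting Interpreter: PowerShell" signature above is the one worth turning into a hunt, because Defender exclusions added via Add-MpPreference or Set-MpPreference are easy to spot in process-creation logs (Sysmon Event ID 1 or Security 4688 CommandLine fields). The script below is an added example, not code from the sample, the sandbox, or this report; the command lines it scans are constructed for illustration and are not taken from the report. It decodes -EncodedCommand payloads (base64 of UTF-16LE) before matching, since that is the common way the cmdlet is hidden from naive string searches.

```python
"""Hunt for PowerShell-driven Windows Defender exclusion changes in
process-creation command lines.

Added example for this report; not code from the sample or the sandbox.
All command lines below are constructed for illustration.
"""
from __future__ import annotations

import base64
import re

# Cmdlets that add or replace Defender exclusions. Get-MpPreference only
# reads them and is deliberately not matched.
MP_CMDLETS = re.compile(r"\b(Add|Set)-MpPreference\b", re.IGNORECASE)

# The three exclusion parameters named in the report. The value may be
# single-quoted, double-quoted or a bare token (possibly comma-separated).
EXCL_PARAM = re.compile(
    r"-(ExclusionPath|ExclusionExtension|ExclusionProcess)\s+"
    r"(?:\"([^\"]*)\"|'([^']*)'|([^\s;|\"']+))",
    re.IGNORECASE,
)

# powershell.exe accepts -e / -ec / -enc / -EncodedCommand for a base64 script.
ENC_CMD = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def decode_encoded_command(cmdline: str) -> str:
    """Return the command line with any -EncodedCommand payload replaced by
    the decoded script (PowerShell encodes it as base64 of UTF-16LE).
    Lines without a valid encoded payload are returned unchanged."""
    m = ENC_CMD.search(cmdline)
    if not m:
        return cmdline
    try:
        script = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return cmdline[: m.start()] + script + cmdline[m.end():]


def find_defender_exclusions(cmdline: str) -> list[tuple[str, str]]:
    """Return (exclusion_kind, value) pairs that the command line adds via
    Add-/Set-MpPreference, after decoding -EncodedCommand if present.
    Only the first token after each parameter is read, so a quoted,
    comma-separated list of several paths yields its first entry only."""
    script = decode_encoded_command(cmdline)
    if not MP_CMDLETS.search(script):
        return []
    found: list[tuple[str, str]] = []
    for m in EXCL_PARAM.finditer(script):
        kind = m.group(1).lower()
        value = next(g for g in m.groups()[1:] if g is not None)
        for item in value.split(","):  # bare lists: -ExclusionExtension exe,dll
            item = item.strip()
            if item:
                found.append((kind, item))
    return found


def scan(lines: list[str]) -> dict[int, list[tuple[str, str]]]:
    """Map line index -> findings for every line that changes exclusions."""
    return {i: f for i, line in enumerate(lines) if (f := find_defender_exclusions(line))}


def _encode(script: str) -> str:
    """Build an -EncodedCommand payload the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample: the same intent hidden behind -enc (hypothetical path).
ENCODED_LINE = "powershell.exe -w hidden -enc " + _encode(
    "Set-MpPreference -ExclusionPath 'C:\\ProgramData\\Updater'"
)

# Constructed sample log lines (hypothetical paths and process names).
SAMPLE_COMMAND_LINES = [
    'powershell.exe -NoProfile -Command "Add-MpPreference -ExclusionPath '
    "'C:\\Users\\Public\\Libraries' -ExclusionProcess svchost.exe "
    '-ExclusionExtension exe,dll"',
    ENCODED_LINE,
    'powershell.exe -Command "Get-MpPreference | Select ExclusionPath"',  # benign audit
    "cmd.exe /c whoami",  # unrelated
]

if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_COMMAND_LINES).items():
        print(f"line {idx}: {findings}")
```

Because the cmdlet can also be reached through other hosts (a .NET binary calling PowerShell in-process, or WMI against the MSFT_MpPreference class), pair this command-line hunt with the Defender operational log: event ID 5007 in Microsoft-Windows-Windows Defender/Operational records configuration changes regardless of how they were made, and Get-MpPreference | Select-Object Exclusion* shows what is currently excluded on a host.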