General

  • Target

    0137f4f30e2a209a4c724fb24d30053e.bin

  • Size

    5.1MB

  • Sample

    240503-bcnfcsda53

  • MD5

    d0599df3f38b3ccb779e8d499cdc9f52

  • SHA1

    363f92d9daef402257136f2e0b7fe9d567187d6d

  • SHA256

    06b72f8a6cc5f369e9b2aed8ccdf9508df76847d3d1db8d60f9e117965a2d9a0

  • SHA512

    4331c84d5df668cb1a0b4f50d45927f69bf920b20c2b7d1c3e7e655bad07418403538fd91419e3d01198ad496ec60333db8dc7b10cbbe6e4df124c434c0d0c63

  • SSDEEP

    98304:3NWhtCz/gt3mk2xY7jIM3bbMd0sqEIY29h1W3ozhzI87TQisXfsA1UXmK:302A2jxAj5LbMdlq2U1TW8HQjLUXmK

Score
10/10

Malware Config

Targets

    • Target

      9196c33d47bc1528ea02d002a5d36c7cdde619d8f0530a7508e06ca58b742bc0.exe

    • Size

      5.5MB

    • MD5

      0137f4f30e2a209a4c724fb24d30053e

    • SHA1

      02a53be826023dfde1d3a23417f28f2b1f2ed0ba

    • SHA256

      9196c33d47bc1528ea02d002a5d36c7cdde619d8f0530a7508e06ca58b742bc0

    • SHA512

      8b111420ca219afa75315cae6ab2318812a08c76bed328d7688947c5a79c710989d93bab3bdeeb62e45bf7d1d8e12680372fa199096ca5ffcaa27dbc9a14ae1b

    • SSDEEP

      98304:ihENTkgdAHO1XvXs0Vaw/Q4fXuEXBv6xuDKf1xkA/YwrLfDmt11yXZB7/:hf2HOZx8cBvq3RnzmtjyXZF/

    Score
    10/10

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks