General

  • Target

    F.U.N.zip

  • Size

    3.0MB

  • Sample

    240503-wxfw8sch21

  • MD5

    1ec76f4189d5dbb8d86fb80a199d8ca1

  • SHA1

    d25860a7438eb078f3e3aba3b6531be012e7663f

  • SHA256

    0cc3c39dfc7fac9faca0c2cabc1ea2ecc088829830990be44e3c9ba5c535d9b6

  • SHA512

    b12140a844272e8ed6e5c77a77a8694ecd75b44ef0e3879d6fa360727b9b0faddbe5ee5d00e83751a28be47f816941fe639a82352780b704a1c7c75cc6178da1

  • SSDEEP

    49152:HBxwvFEQQ0gF6m5cSwJryUoP7zUzRyUBm6UFHtVgG9ALaPTDgfxyWiPpc1lFE0:hxwrQ0gpTJPczoU3iHtVgG9qViu1lFE0

Score
10/10

Malware Config

Targets

    • Target

      F.U.N/cheeto.exe

    • Size

      3.0MB

    • MD5

      632fcfbf9ea6627a14148fc9be7e57ad

    • SHA1

      3084eecf983a1269cb8356f28610b5c0fd5cd085

    • SHA256

      0bb9ffe495c5e90d85cad236732ac57455863a32c545af312df46f7b9b274397

    • SHA512

      75829c8f2f1645e73199ada15d89ce13e025ec994bad742a18bfd824ac1b2602e82781918090784bf37682c68f49b3e6f18fdd5c8301f803233fdff140357191

    • SSDEEP

      49152:gBxwvFEQQ0gF6m5cSwJryUoP7zUzRyUBm6UFHtVgG9ALaPTDgfxyWiPpc1lFE+:6xwrQ0gpTJPczoU3iHtVgG9qViu1lFE+

    Score
    10/10
    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
