General
- Target: F.U.N.zip
- Size: 3.0MB
- Sample: 240503-wxfw8sch21
- MD5: 1ec76f4189d5dbb8d86fb80a199d8ca1
- SHA1: d25860a7438eb078f3e3aba3b6531be012e7663f
- SHA256: 0cc3c39dfc7fac9faca0c2cabc1ea2ecc088829830990be44e3c9ba5c535d9b6
- SHA512: b12140a844272e8ed6e5c77a77a8694ecd75b44ef0e3879d6fa360727b9b0faddbe5ee5d00e83751a28be47f816941fe639a82352780b704a1c7c75cc6178da1
- SSDEEP: 49152:HBxwvFEQQ0gF6m5cSwJryUoP7zUzRyUBm6UFHtVgG9ALaPTDgfxyWiPpc1lFE0:hxwrQ0gpTJPczoU3iHtVgG9qViu1lFE0
Static task: static1
Behavioral task: behavioral1
Sample: F.U.N/cheeto.exe
Resource: win7-20231129-en
Malware Config
Targets
- Target: F.U.N/cheeto.exe
- Size: 3.0MB
- MD5: 632fcfbf9ea6627a14148fc9be7e57ad
- SHA1: 3084eecf983a1269cb8356f28610b5c0fd5cd085
- SHA256: 0bb9ffe495c5e90d85cad236732ac57455863a32c545af312df46f7b9b274397
- SHA512: 75829c8f2f1645e73199ada15d89ce13e025ec994bad742a18bfd824ac1b2602e82781918090784bf37682c68f49b3e6f18fdd5c8301f803233fdff140357191
- SSDEEP: 49152:gBxwvFEQQ0gF6m5cSwJryUoP7zUzRyUBm6UFHtVgG9ALaPTDgfxyWiPpc1lFE+:6xwrQ0gpTJPczoU3iHtVgG9qViu1lFE+
- Detect ZGRat V1
- Disables Task Manager via registry modification
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL