General
-
Target
b5829ea81cde8f48ba1190e20e6bb15d.exe
-
Size
2.0MB
-
Sample
240504-m44r7seg36
-
MD5
b5829ea81cde8f48ba1190e20e6bb15d
-
SHA1
51fbb15275360bbf2a866f339045527e941e1a85
-
SHA256
71d1f22830e0f40506171cda626891b4f954ec22f4a4cd0045b37f8d6c404451
-
SHA512
d84e43e6cf342d0e7696be6b1cbcf42dce5d1efe518f4949faa8841ee398a25a63a6e41440eb10ba0d276454ba73752c9ffb17eddbfd0813a636646663e26b4a
-
SSDEEP
49152:aaXI0V7PoU9lHrHmvtiLGMIqCGLhRSCquJnm:3Y0V7gU9l2tiLGVGLhRvquJnm
Static task
static1
Behavioral task
behavioral1
Sample
b5829ea81cde8f48ba1190e20e6bb15d.exe
Resource
win7-20240221-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
-
-
Target
b5829ea81cde8f48ba1190e20e6bb15d.exe
-
Size
2.0MB
-
MD5
b5829ea81cde8f48ba1190e20e6bb15d
-
SHA1
51fbb15275360bbf2a866f339045527e941e1a85
-
SHA256
71d1f22830e0f40506171cda626891b4f954ec22f4a4cd0045b37f8d6c404451
-
SHA512
d84e43e6cf342d0e7696be6b1cbcf42dce5d1efe518f4949faa8841ee398a25a63a6e41440eb10ba0d276454ba73752c9ffb17eddbfd0813a636646663e26b4a
-
SSDEEP
49152:aaXI0V7PoU9lHrHmvtiLGMIqCGLhRSCquJnm:3Y0V7gU9l2tiLGVGLhRvquJnm
-
Detect ZGRat V1
-
Creates new service(s)
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-