General
Target: pass_1se.zip
Size: 749KB
Sample: 240504-qf259ahg53
MD5: 85b7d099665b1dcea3909c05d80cc8c7
SHA1: 0aa4282ccc8e00f2191e639b2c44e79b9cb16bf0
SHA256: 050b6a721da09e5106f29775f35aa3d8a9dd056681611edab626cdc214b82f32
SHA512: edb9aaf1cc1271a0629a183afcd6452b10e79afba24728c2cf3c8e2216153c5f749b4a8358d9a368f26ab3090941c654a58e105e8709de14a3aff781ee6207a3
SSDEEP: 12288:z8xrwjczE5ZevNyz1I3SR4IZwXbScHbTk8TD1ar8Z3K7rwiPZ0yeuav96G3:IxNEfINyhI3S9ZwXDTk8T5NjiPZDoL
Static task: static1

Malware Config

Targets
Target: Installer.exe
Size: 868KB
MD5: d798e214b68688388aa252758397cdb5
SHA1: 049d6714f300b0ea83f7b416d58fda1ddd6a8393
SHA256: 3b5c1b31a1440796a56d70ce1c046a67c5116790ca5f77bbce0698ed14ceb269
SHA512: f428807ba27fa6edba16295defb0a394cb0692d76851b1057f0774791ebab3c63eb7e2930472a044037769df42cbb63e2f20d319086aea8dfd6cfd274f3963e5
SSDEEP: 24576:zgZXoZUTVdt7KWcgNshI3K3ZEXbTkaL5bjiPZ7ip:a8gNaI6pELL5PGZ2p

- Detect ZGRat V1
- StormKitty payload
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.