General

  • Target

    MDE_File_Sample_898e72ef70fb158f9ef2207742cefe81a0686613.zip

  • Size

    1.2MB

  • Sample

    240507-k18kwahf7y

  • MD5

    ce0aef19417870dad61c7981d0371502

  • SHA1

    599eafa7617c69cfb808cf58b6285922171e6dfb

  • SHA256

    c050f0a929c48bcb8ff8ec31feb5b8a7193806361ceeb46841799fac99c28217

  • SHA512

    3416da908a70425985c5f9dd83e847bc777d03efe47b57d4d63908e72c50b15e756684f019921c77d1cf4e21adea04d3b6c98ded05c82389623a42a4e4275ff6

  • SSDEEP

    24576:L9pMVJu8+UT6EnmYLH02ZX8MRmO+IDeDe1EgRZXY34fTaCZ:L9mVA8+e6BIrZ1X+ieD6EgRxPffZ

Malware Config

Targets

    • Target

      everything-1.4.1.1024-installer_ppkp-w1.exe

    • Size

      1.7MB

    • MD5

      c959c7ae98cc10045f70a8d005f549b5

    • SHA1

      898e72ef70fb158f9ef2207742cefe81a0686613

    • SHA256

      e6c461d42b45ac1c6e09c3719040c9fffe955fc6211416b5a97aa366a5004cbf

    • SHA512

      6d99dafc86ce5145370e62fbc5c119cd74de41a557d63d79a911986a53381799e25567c7d534479c2ec15164e7fa6bb7d977e78862d8497b0f85bfa56329c711

    • SSDEEP

      24576:n7FUDowAyrTVE3U5F/nAZWZATqmM+LBcPU9USgIrCjwyX7yzrcl:nBuZrEUFA3VLWUeSajwW

    • Cobalt Strike reflective loader

      Detects the reflective loader used by Cobalt Strike.

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

MITRE ATT&CK Enterprise v15

Tasks