General
Target: 2c69efb5dbbf183c881d780a5a115cf7_JaffaCakes118
Size: 452KB
Sample: 240510-am9kxaah38
MD5: 2c69efb5dbbf183c881d780a5a115cf7
SHA1: 898b22dcd207b6a8d9e9035f1fe0b41b0092cc1f
SHA256: 6c837712d79a2e35466da0fc55cfcc3d6ac53cfa9128093edae2a14903eac342
SHA512: c231c8bd865b1ffa87d6986c3989268ff94919c868816a24285d2f72ae083a5b8299b000057202c7b4708edc2489129125af0c02dcea5320abd9cd6f4e78e3f0
SSDEEP: 12288:rO15Pyr8/YYGgwoOcMwtB8iwYO+UVxLZGd8mKh:6+S4gwXw8hxL4d8

Static task: static1
Behavioral task: behavioral1
Sample: 2c69efb5dbbf183c881d780a5a115cf7_JaffaCakes118.exe
Resource: win7-20240508-en (analysis environment)
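Before correlating any of the behaviour below with a file you hold, confirm it is byte-identical to the reported sample. The following is an added example, not part of the sandbox report: it streams a file once through all four digest algorithms listed above and compares against the recorded values, and it parses the SSDEEP signature to check whether a second fuzzy hash can be meaningfully compared with it at all (ssdeep only scores signatures whose block sizes are equal or differ by a factor of two). The temporary file and the placeholder bytes in `demo()` are constructed for the example.

```python
"""Confirm that a file on disk is the sample described in this report.

Added example, not part of the sandbox report. The expected digests and the
SSDEEP signature are the values recorded under General above; the temporary
file and the placeholder bytes used by demo() are constructed for the example.
"""
import hashlib
import os
import tempfile

# Digests recorded in the report's General section.
REPORT_DIGESTS = {
    "md5": "2c69efb5dbbf183c881d780a5a115cf7",
    "sha1": "898b22dcd207b6a8d9e9035f1fe0b41b0092cc1f",
    "sha256": "6c837712d79a2e35466da0fc55cfcc3d6ac53cfa9128093edae2a14903eac342",
    "sha512": "c231c8bd865b1ffa87d6986c3989268ff94919c868816a24285d2f72ae083a5b"
              "8299b000057202c7b4708edc2489129125af0c02dcea5320abd9cd6f4e78e3f0",
}
REPORT_SSDEEP = "12288:rO15Pyr8/YYGgwoOcMwtB8iwYO+UVxLZGd8mKh:6+S4gwXw8hxL4d8"


def file_digests(path, chunk_size=1 << 20):
    """Read the file once and compute every digest the report lists."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(path, expected=REPORT_DIGESTS):
    """Return the names of the algorithms whose digest differs from `expected`.

    An empty list means the file is byte-identical to the reported sample. All
    four are compared rather than just MD5, since MD5 collisions are practical
    and a report copied by hand may carry a truncated or mis-typed value.
    """
    actual = file_digests(path)
    return [name for name, want in expected.items() if actual[name] != want.lower()]


def parse_ssdeep(sig):
    """Split an ssdeep signature 'blocksize:hash1:hash2' into (int, str, str)."""
    blocksize, h1, h2 = sig.split(":", 2)
    return int(blocksize), h1, h2


def ssdeep_comparable(sig_a, sig_b):
    """ssdeep scores two signatures only when their block sizes are equal or
    differ by exactly a factor of two; any other pair scores 0 regardless of
    content, so check this before treating a low score as 'unrelated'."""
    bs_a = parse_ssdeep(sig_a)[0]
    bs_b = parse_ssdeep(sig_b)[0]
    return bs_a == bs_b or bs_a == 2 * bs_b or bs_b == 2 * bs_a


def demo(sample_bytes=b"MZ\x90\x00 constructed placeholder, not the real sample"):
    """Write constructed bytes to a temp file and check them two ways.

    Returns (mismatches against the report, mismatches against the file's own
    digests); the first names all four algorithms, the second is empty.
    """
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(sample_bytes)
        return verify_sample(path), verify_sample(path, file_digests(path))
    finally:
        os.remove(path)


if __name__ == "__main__":
    vs_report, vs_self = demo()
    print("differs from report in:", vs_report)   # all four, since the bytes are a placeholder
    print("differs from itself in:", vs_self)     # []
```

In practice you would call `verify_sample("/path/to/quarantined/sample.exe")` and only proceed to pivot on the behaviour below when it returns an empty list; `ssdeep_comparable` is the guard to apply before comparing the recorded SSDEEP with a fuzzy hash from another report.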
Malware Config
Targets
Target: 2c69efb5dbbf183c881d780a5a115cf7_JaffaCakes118 (452KB; digests as listed under General)
Signatures
- Detect ZGRat V1
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.
- Accesses Microsoft Outlook profiles (typically to harvest stored mail account credentials)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: rewriting the context of a thread in another process is a common step in process hollowing and thread-hijacking injection.
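The signatures above are behavioural, so each maps to something observable in an endpoint telemetry stream. The following is an added example, not the sandbox's own signature logic: it runs the report's behavioural signatures as checks over a normalized Sysmon/EDR-style event list. The event schema, the registry paths (the Windows GeoID key and the Outlook profiles key), the Startup folder pattern and the list of IP-echo hosts are assumptions; the report names only the behaviours, not the artefacts touched. The event list at the bottom is constructed for the demo. The two static signatures (ZGRat V1 and the Agile.Net obfuscator) come from file content and are deliberately not modelled here.

```python
"""Turn the behavioural signatures listed above into checks over an endpoint event stream.

Added example, not the sandbox's own signature logic. The event schema, the registry
paths, the IP-echo host list and the Startup folder pattern are assumptions about a
Sysmon/EDR-style feed; the report names only the behaviours, not the artefacts.
The event list at the bottom is constructed for the demo.
"""
import re
from collections import defaultdict

# Windows stores the configured country (GeoID) here; a geofenced sample reads it before
# deciding whether to run. The report does not name the key, so this is an assumption.
GEO_KEY = r"HKCU\Control Panel\International\Geo\Nation"
# Outlook account/profile data lives under Office\<version>\Outlook\Profiles (assumed target key).
OUTLOOK_PROFILES_RE = re.compile(r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\", re.I)
# Per-user and all-users Startup folders share this suffix.
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# Common legitimate IP-echo services; the report does not say which one the sample used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}

# Signatures in the report that come from file content, not from events (YARA-style):
STATIC_ONLY = {"Detect ZGRat V1", "Obfuscated with Agile.Net obfuscator"}


def check_events(events):
    """Return {signature_name: [indices of the events that triggered it]}.

    `dropped` tracks files the sample wrote so that 'Executes dropped EXE' and
    'Loads dropped DLL' fire only for binaries the sample itself created.
    """
    hits = defaultdict(list)
    dropped = set()
    for i, ev in enumerate(events):
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
            if STARTUP_DIR_RE.search(ev["path"]):
                hits["Drops startup file"].append(i)
        elif kind == "reg_query":
            if ev["key"].lower() == GEO_KEY.lower():
                hits["Checks computer location settings"].append(i)
            if OUTLOOK_PROFILES_RE.search(ev["key"]):
                hits["Accesses Microsoft Outlook profiles"].append(i)
        elif kind == "process_create" and ev["image"].lower() in dropped:
            hits["Executes dropped EXE"].append(i)
        elif kind == "image_load" and ev["image"].lower() in dropped:
            hits["Loads dropped DLL"].append(i)
        elif kind == "dns_query" and ev["name"].lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(i)
        elif kind == "api_call" and ev["api"] == "SetThreadContext":
            # Rewriting a thread context in another process is the hollowing/injection tell;
            # the same call against the caller's own threads is common in benign code.
            if ev["target_pid"] != ev["pid"]:
                hits["Suspicious use of SetThreadContext"].append(i)
    return dict(hits)


SAMPLE_EVENTS = [  # constructed for the demo, not taken from the report
    {"type": "reg_query", "pid": 1200, "key": r"HKCU\Control Panel\International\Geo\Nation"},  # 0
    {"type": "file_write", "pid": 1200, "path": r"C:\Users\user\AppData\Roaming\svc.exe"},  # 1
    {"type": "file_write", "pid": 1200, "path": r"C:\Users\user\AppData\Roaming\helper.dll"},  # 2
    {"type": "file_write", "pid": 1200,
     "path": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk"},  # 3
    {"type": "process_create", "pid": 1200, "image": r"C:\Users\user\AppData\Roaming\svc.exe",
     "child_pid": 1340},  # 4
    {"type": "api_call", "pid": 1200, "api": "SetThreadContext", "target_pid": 1340},  # 5: cross-process
    {"type": "image_load", "pid": 1340, "image": r"C:\Users\user\AppData\Roaming\helper.dll"},  # 6
    {"type": "reg_query", "pid": 1340, "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},  # 7
    {"type": "dns_query", "pid": 1340, "name": "api.ipify.org"},  # 8
    {"type": "api_call", "pid": 1340, "api": "SetThreadContext", "target_pid": 1340},  # 9: own process, benign
    {"type": "dns_query", "pid": 1340, "name": "www.microsoft.com"},  # 10: ordinary lookup, not flagged
]

if __name__ == "__main__":
    for name, idx in sorted(check_events(SAMPLE_EVENTS).items()):
        print(f"{name}: events {idx}")
```

Running it against the constructed stream fires seven of the nine signatures, which is exactly the behavioural subset; the two in `STATIC_ONLY` need the file itself. The `dropped` set is the useful detail: without it, any process creation or image load would count, and the "dropped" qualifier in the report's wording would be lost.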