General
Target: 75552440685c9dc4644df81c7e365370_NeikiAnalytics
Size: 7.5MB
Sample: 240510-fkr6qscc3t
MD5: 75552440685c9dc4644df81c7e365370
SHA1: 0935691adc68a97a6a677c3fa8751568b04b383e
SHA256: f079f9374811130ef9b4df4ecb0d7b70cc253c2df7774ddb3f13363797f52124
SHA512: 74dd580f6f2ef2ca8b193d7d522034f1f2235cd95e176c646cf4aab4d975567fa096d3b66fa6df15e89abad5361e6b3812ea51df68e47e90d6fcc1fc6c50ed45
SSDEEP: 98304:3h5cyZ/K9NFLsO0MJdX1ezhQcSZcOb+sX1Zvbed4Z0FGRABTgtse6vzovkGx:3h5lZ/WFAnMJdehQcERCsXDjyZkJMY
Behavioral task: behavioral1
Sample: 75552440685c9dc4644df81c7e365370_NeikiAnalytics.exe
Resource: win7-20240508-en
Malware Config
Targets
-
Detect ZGRat V1
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-