General
-
Target
1c32ad6528891fdda5b9605d6ff5963b8b47d431b11a2252837e29f67bfd3b1d
-
Size
1.4MB
-
Sample
240510-kr7l8ade8v
-
MD5
b43a05bb4ae21cc7fa1f60dee06b45f4
-
SHA1
5e94c9a0d858765726c4e3692c261502dae18af4
-
SHA256
1c32ad6528891fdda5b9605d6ff5963b8b47d431b11a2252837e29f67bfd3b1d
-
SHA512
571acf3399c57167f7569cacb6b9a7d22c9603b21bdae8d094b38e89a190191a981987d8c492e2ece3d27202e30ffe8bb3c80b544704ef8c79ab1586eba70113
-
SSDEEP
24576:7dxk6IU+gdnKvY8qTZ1SWvJZJCl3SMgI58BcGg2cvGj81rQGXg7SxhEEEEEEEEEI:7QVgda6Z1zYl3SMgGCcGg2cvGj81rQGV
Malware Config
Extracted
Protocol: smtp- Host:
sslout.de - Port:
587 - Username:
[email protected] - Password:
dataset123
Targets
-
-
Target
doc023561361500__079422732__202410502__000023.pdf.exe
-
Size
897KB
-
MD5
7d3c29dcdf50082543dcc15e2258dc35
-
SHA1
f608850779d56d5c398f595ee805f200fbdd3153
-
SHA256
cdc1aa78c777e437a8945a500650fd6fbee46ece9f29537566dbd7ea13d21978
-
SHA512
ce0aff6614d7d89d3acc7a7c06647ef599aa7381e014c754ec80e51dc12ede5f23b54c29468f31b811372b15a299e2d3b0cbbf971b2c0dde9e1daf366de7ed66
-
SSDEEP
24576:2dxk6IU+gdnKvY8qTZ1SWvJZJCl3SMgI58BcGg2cvGj81rQGXg7SxhEEEEEEEEEI:2QVgda6Z1zYl3SMgGCcGg2cvGj81rQGV
Score10/10-
Detect ZGRat V1
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-