General
-
Target
331067058c60a0f4e1c320337a04dbb8_JaffaCakes118
-
Size
367KB
-
Sample
240511-gmxpnshb21
-
MD5
331067058c60a0f4e1c320337a04dbb8
-
SHA1
713651134025167027d53341cb501864946085d1
-
SHA256
7d5c7b9ca5886fe043b5edd22511b9939aba31fc576125061718de7e1c713e1c
-
SHA512
7c374fdfbcf3ab0c5b6f4707e19e5c56e01c47f7ab5423ff78d53a228125bdf14209086996cdc8d2e15dc720eec05fc0c1d25a79ba8708f705f956f64eea1052
-
SSDEEP
6144:J01aCuilYtU2Vvf+cEvM0nzdg4u/w6bTkNl63dVClsIJtCBo8tuf2QX5f681ZG9:MYU2Z+cEvM8zLqbTkP6tI2I2BoXuQB6
Malware Config
Targets
-
-
Target
331067058c60a0f4e1c320337a04dbb8_JaffaCakes118
-
Size
367KB
-
MD5
331067058c60a0f4e1c320337a04dbb8
-
SHA1
713651134025167027d53341cb501864946085d1
-
SHA256
7d5c7b9ca5886fe043b5edd22511b9939aba31fc576125061718de7e1c713e1c
-
SHA512
7c374fdfbcf3ab0c5b6f4707e19e5c56e01c47f7ab5423ff78d53a228125bdf14209086996cdc8d2e15dc720eec05fc0c1d25a79ba8708f705f956f64eea1052
-
SSDEEP
6144:J01aCuilYtU2Vvf+cEvM0nzdg4u/w6bTkNl63dVClsIJtCBo8tuf2QX5f681ZG9:MYU2Z+cEvM8zLqbTkP6tI2I2BoXuQB6
Score10/10-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-