General
-
Target
6dd4003c624b28e3a59d3eb12c626ed53ad3c33dee309aba6d89e7d572f1f62f
-
Size
1.1MB
-
Sample
240512-b4dp8sde32
-
MD5
47536e7af4e011a8a1abfcf35ccf9af5
-
SHA1
c34672a1e201033acac6094ba51351666854c0c8
-
SHA256
6dd4003c624b28e3a59d3eb12c626ed53ad3c33dee309aba6d89e7d572f1f62f
-
SHA512
4eb5ab74444145c64acec7d7398ad2fd97cbce109753614e58245746b36ae835a98321a8940cde861de161fdb9c73e688280156514fc1c9706f2dfce6788485a
-
SSDEEP
12288:NjnUlzpA5wzd0R7crTSQ+4NNricVcdwdajrk5dfQvZl4MDB7Y5u8oxHTOqkrx:NrUlz10R7cXIbjqfIvVxHTOqk
Malware Config
Extracted
Protocol: smtp- Host:
smtp.ionos.com - Port:
587 - Username:
*@amsltds.com - Password:
Loveme2000$
Targets
-
-
Target
6dd4003c624b28e3a59d3eb12c626ed53ad3c33dee309aba6d89e7d572f1f62f
-
Size
1.1MB
-
MD5
47536e7af4e011a8a1abfcf35ccf9af5
-
SHA1
c34672a1e201033acac6094ba51351666854c0c8
-
SHA256
6dd4003c624b28e3a59d3eb12c626ed53ad3c33dee309aba6d89e7d572f1f62f
-
SHA512
4eb5ab74444145c64acec7d7398ad2fd97cbce109753614e58245746b36ae835a98321a8940cde861de161fdb9c73e688280156514fc1c9706f2dfce6788485a
-
SSDEEP
12288:NjnUlzpA5wzd0R7crTSQ+4NNricVcdwdajrk5dfQvZl4MDB7Y5u8oxHTOqkrx:NrUlz10R7cXIbjqfIvVxHTOqk
Score10/10-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-