General
-
Target
3abf584e113bd3a4b209dfdfb9aaa128_JaffaCakes118
-
Size
627KB
-
Sample
240512-sk1t4abg51
-
MD5
3abf584e113bd3a4b209dfdfb9aaa128
-
SHA1
233deea53911a19d1e9bd2e01f9e1144cf5e6ca4
-
SHA256
c442c6a2438a5369b3e87a23f53a395de7dece116071fbc60dd307dde8d9eb99
-
SHA512
fc801ac447cb6526c3268c524ce0f1ed05733dd9aeb8cc52e06fd36d3bc218897422c61a1dd6bcdf0248d153d9f6bb564d047608a7ac1a422b6b927a3f5ffdc2
-
SSDEEP
12288:98Dsri92Fl77VCZzqnv5r+/6ibd4YFeNpUK4g056s:98gG92PKzk5r+/rgCJge6
Malware Config
Targets
-
-
Target
3abf584e113bd3a4b209dfdfb9aaa128_JaffaCakes118
-
Size
627KB
-
MD5
3abf584e113bd3a4b209dfdfb9aaa128
-
SHA1
233deea53911a19d1e9bd2e01f9e1144cf5e6ca4
-
SHA256
c442c6a2438a5369b3e87a23f53a395de7dece116071fbc60dd307dde8d9eb99
-
SHA512
fc801ac447cb6526c3268c524ce0f1ed05733dd9aeb8cc52e06fd36d3bc218897422c61a1dd6bcdf0248d153d9f6bb564d047608a7ac1a422b6b927a3f5ffdc2
-
SSDEEP
12288:98Dsri92Fl77VCZzqnv5r+/6ibd4YFeNpUK4g056s:98gG92PKzk5r+/rgCJge6
Score10/10-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-