General
-
Target
rbxfpsunlocker-master.zip
-
Size
315KB
-
Sample
240512-wvzlkahg5v
-
MD5
5367e91fd373c1e1acf743fed00cf478
-
SHA1
57e1887389a1ac4852500ce0882b0ebcae06748f
-
SHA256
decaab89b5d7945dc59b18f066f110abeeb15d524e51099c2576309f599eadce
-
SHA512
0512f5f6293da5b04ffffb1ade0a5c89c13ea1a5a1be704eed12d3480d1c4886baed5912a5d141f1bb50c21135aa3537de3ce87bc5d85075cd65fdcbf342feab
-
SSDEEP
6144:5bbQTmQH0JT0kHka2MZNKMTDRQSHwU/wyCG8Pbz6x0XP0cs3V:Z50kHkL6NKQ+AxZabux0XP1sF
Malware Config
Targets
-
-
Target
rbxfpsunlocker-master/Source/main.cpp
-
Size
24KB
-
MD5
f47609c06001259a9e7604aefe5ac309
-
SHA1
2a6b276bcdce89c90c4e834068f054d1cf050847
-
SHA256
c390a2932a7862ba197615a88efd81243cea1ee6504a1a9f2d8910d13314addc
-
SHA512
78392ad8425f660b20d40f0f07edc173bf2c35e2bc77eea4cc6898c5328282de3aff3d21376c3d0f3788dabf63e1537d241a8c142a511911b29fa35fe9c0165d
-
SSDEEP
768:wUnxL4yzwGbeTdtycu+/N8yrQeloNho7hHmgLVLgJ:wUn54yz5av/aoFT5u
Score3/10 -
-
-
Target
rbxfpsunlocker-master/Source/procutil.cpp
-
Size
5KB
-
MD5
8fb70f08715462425f71d95fd2bf098c
-
SHA1
05287585bf86cde2ebaf2c13c8219dfc21b4c922
-
SHA256
c34bc37be9d6c6f2cf36d072cc7f7695d31939dc50ce8ee1b27ea904473c3639
-
SHA512
cae27be30b51b768a54ad70a30294e2f6608ff72d02dc5799614172d8576bc5e722f0d1a0f363c29684fb5396b0fce68f66c9fd0e32497b07ed677705d0dfaa0
-
SSDEEP
96:SNzr4K/nILApISLo9jz6QAd2JzNMeleub7It3:6zrv/AAp7QAd2Rlllb7e
Score10/10-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-
-
-
Target
rbxfpsunlocker-master/Source/settings.cpp
-
Size
5KB
-
MD5
7022d3bb7d4e45ae9810a78c0664da81
-
SHA1
41c25ab64826981a8079630612abd314e4651ce6
-
SHA256
e666ceb100138b3eb17973db9f0c9263f01dc936f91863757e2f02e6833fffca
-
SHA512
d87ad5839c2f6239b4cf5adf60481361e68c02ece4287eee7b2fd6aaa0f89f847f9d144861da6c2da29066ee9073d6114703c97b176c9567b447b91821d14c34
-
SSDEEP
96:NvnDJnzTByJcfJKvHimE8kQj3wgjoISLySgcjs3y6:59nzOqKK3nXgMIyQcY3T
Score3/10 -