General
- Target: db537a09e0185f8b941af6a5d2ceda40.exe
- Size: 596KB
- Sample: 240514-fdd1jabg78
- MD5: db537a09e0185f8b941af6a5d2ceda40
- SHA1: 8747013070a23b3d9dd386c1baab0cb79cff3786
- SHA256: 2a111b1a6650ea6e6b369583f8afe1bf8c5bb6164cb12f8e833d0638c1c2deaf
- SHA512: 1ecd816a35c50ccbb78a3911d517fe292c4ac8431cc54446ffd3136657dc0d1cc793800c5c5bef31cd76847c0c2cf1968c87f68b841a4bd245e1ced7ab3a37c7
- SSDEEP: 12288:Z48Xz4N3jJuKiMGejML/ldDKdgM/pMp00TIhmP8mWdCcLxUX0M39F+n:ePNT0KR/MqdgMhr6IhmkmWXuEM3Cn
Static task: static1
Behavioral task: behavioral1
Sample: db537a09e0185f8b941af6a5d2ceda40.exe
Resource: win7-20240221-en
Malware Config
Targets
- Detect ZGRat V1
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext