General
-
Target
d3ee71a515d5d2e0cebe77b424085ed2185c0008857eaa62680d125828e30961
-
Size
2.2MB
-
Sample
240514-s4l52sdc65
-
MD5
1786c2303cfe0c8ee33bfbd782fd87b0
-
SHA1
4c23ed0c7efd03a814d33c470e4baa4cd7a73f59
-
SHA256
d3ee71a515d5d2e0cebe77b424085ed2185c0008857eaa62680d125828e30961
-
SHA512
17cc9c7259811e1ad9024d75cced0d1665256cff141432215c30291076f5f7dc5350c5155565c0c2644f809b4758c36a4f4811c3a8411b9f52df0bcd787d264e
-
SSDEEP
49152:zZJsYUJaVYwRP2JmqxhZw1DGuQB4nAHsuzMCujKVn8sNMQmpVnsYVMv2Aib:zZJ1k40mGnWDGptNwCpn8s2TsYj/b
Static task
static1
Behavioral task
behavioral1
Sample
369be61aca46750085c842147909f80c8f938555071adeaceac6727bfcf74186.exe
Resource
win7-20240419-en
Malware Config
Extracted
asyncrat
0.5.8
Default
5512.sytes.net:6606
5512.sytes.net:7707
5512.sytes.net:8808
95.211.208.153:6606
95.211.208.153:7707
95.211.208.153:8808
Llg9a02PERRO
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
369be61aca46750085c842147909f80c8f938555071adeaceac6727bfcf74186.exe
-
Size
2.3MB
-
MD5
a717a432c558f56c46709d6d3ec9837f
-
SHA1
ceda052be2519383085089a41c422ce2b1400a46
-
SHA256
369be61aca46750085c842147909f80c8f938555071adeaceac6727bfcf74186
-
SHA512
e859810a198b8b946581ed6197b1154856e736687dd593d383dc952a3afd597ed6b5a631a8e6b2228a425b809b772457e6e10e0ca6f68cd8f0a8cc637a81132c
-
SSDEEP
49152:T+GJaXbo4IKA2WN4M63n4dHzCJYU6Mm4/4w2RAObR8XlZrzyiko:TboxWN4UHzCJYCmX5w1ZXyik
-
Detect ZGRat V1
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-