General
-
Target
15052024_1245_Cognex 3512C Doc.js
-
Size
7KB
-
Sample
240515-py4w5aab74
-
MD5
c8b4efbf7ede4e5741be5e2ae2462b3b
-
SHA1
dc077b682365eef97c0ced977916fcb117743cf6
-
SHA256
deec2bd866af640bcaecd5357f54da87dd045c8017a8f8a76ac0068ce43eebaa
-
SHA512
eb98175eb0486b17ac217e5380ec771666d176fde50a3ecf416aafb2cef7b0e91ec8386417519b51f69fa381834571fbaae1f92a9baec0dc53d80515da5446d6
-
SSDEEP
192:pRn5hokWxcYy0AkSsDX5VF30Ver0O86+ISMquF4dOryL:fnckWx2kSsDX5P3L7+ISMq24dOryL
Malware Config
Targets
-
-
Target
15052024_1245_Cognex 3512C Doc.js
-
Size
7KB
-
MD5
c8b4efbf7ede4e5741be5e2ae2462b3b
-
SHA1
dc077b682365eef97c0ced977916fcb117743cf6
-
SHA256
deec2bd866af640bcaecd5357f54da87dd045c8017a8f8a76ac0068ce43eebaa
-
SHA512
eb98175eb0486b17ac217e5380ec771666d176fde50a3ecf416aafb2cef7b0e91ec8386417519b51f69fa381834571fbaae1f92a9baec0dc53d80515da5446d6
-
SSDEEP
192:pRn5hokWxcYy0AkSsDX5VF30Ver0O86+ISMquF4dOryL:fnckWx2kSsDX5P3L7+ISMq24dOryL
Score10/10-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-