General

  • Target

    15052024_1245_Cognex 3512C Doc.js

  • Size

    7KB

  • Sample

    240515-py4w5aab74

  • MD5

    c8b4efbf7ede4e5741be5e2ae2462b3b

  • SHA1

    dc077b682365eef97c0ced977916fcb117743cf6

  • SHA256

    deec2bd866af640bcaecd5357f54da87dd045c8017a8f8a76ac0068ce43eebaa

  • SHA512

    eb98175eb0486b17ac217e5380ec771666d176fde50a3ecf416aafb2cef7b0e91ec8386417519b51f69fa381834571fbaae1f92a9baec0dc53d80515da5446d6

  • SSDEEP

    192:pRn5hokWxcYy0AkSsDX5VF30Ver0O86+ISMquF4dOryL:fnckWx2kSsDX5P3L7+ISMq24dOryL

Malware Config

Targets

    • Target

      15052024_1245_Cognex 3512C Doc.js


    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                              ID          Count
  --------------------  -------------------------------------  ----------  -----
  Execution             Command and Scripting Interpreter      T1059       1
                          JavaScript                           T1059.007   1
  Persistence           Boot or Logon Autostart Execution      T1547       1
                          Registry Run Keys / Startup Folder   T1547.001   1
  Privilege Escalation  Boot or Logon Autostart Execution      T1547       1
                          Registry Run Keys / Startup Folder   T1547.001   1
  Defense Evasion       Modify Registry                        T1112       2
                        Subvert Trust Controls                 T1553       1
                          Install Root Certificate             T1553.004   1
  Discovery             Query Registry                         T1012       1
                        System Information Discovery           T1082       2

Tasks