Overview

overview

10

Static

static

3

Installati...01.exe

windows7-x64

10

Installati...01.exe

windows10-2004-x64

10

Installati...rd.exe

windows7-x64

10

Installati...rd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    85c2cea09344869722a138cec119f904_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240531-c6fhaacc9w

  • MD5

    85c2cea09344869722a138cec119f904

  • SHA1

    47e5a6257bb6908af0ee297e7d58177116e04ce7

  • SHA256

    5da412b5aa207548d68fa0f885f3d84a724695068d2870e805620b2d1b73e3ae

  • SHA512

    752d0f9148f05b1769e6d9cc2a8b83d17304e184acc0d6c9a0a0734d6b22e427a7913a8b073c04b1c863316eddef01154719891a8a3e315ca49c5df76745fb7e

  • SSDEEP

    24576:FKBERDTc9JW3J/ujf7qYxHjwrKXjP6Oe5B11Gi9jD61oT2Uihr0YAKdhOvclQu:FMERnCJNRSU6OGT1h9tyrBRuv2Qu

Score
10/10
imminentzgratratspywaretrojan

Malware Config

Targets

    • Target

      Installation/Axbit-V3.01.exe

    • Size

      1.1MB

    • MD5

      ce4be6429c2a6a88188c433b8d859fe2

    • SHA1

      57a91c611ee2a77bf1c9fd4e7f3802f489e3410b

    • SHA256

      69568951fec54b4e4dc1a76dd06afa4f498a7c1249154aaec80b7aaaeba8e34d

    • SHA512

      421dcde7a3c77492f9c2f43a8968dfc779e88ad39346c4b245038dd1f1f267cd89de654c6db55c9653b11dadba8c2cc127b2b4fa956e3ca1563291358b4eb5ba

    • SSDEEP

      24576:yt5wBkE3BSWbzgLNmGjpcFgzPTP2ESTCwiGi96Y7xMMnW0L:DkSEWbzizjp7LTP2ZWh96UMMnWq

    Score
    10/10
    imminentzgratratspywaretrojan

    • Detect ZGRat V2

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Drops startup file

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Installation/Dashboard.exe

    • Size

      797KB

    • MD5

      c6bceda41c1b91a41580266791040953

    • SHA1

      71e6a1ae130d59544c6d5aa55d93f2c3f2a43ec9

    • SHA256

      c00aee7d19d7b5c2ca9d010fb1880393355f94a68431a5b53e974522d503f43e

    • SHA512

      13e59fb257bf0fa79d30c76cb62a3578314e6f4eb145bee63cda76a30682c9129c3330102d1cd50d39eb401966ba950cdf34c2dfee2e04d9356822b10ce162fb

    • SSDEEP

      12288:eWeEpn1XaCGOntOyRxso93CVOp667avGD52:eK0CPhQG3CT6IGD5

    Score
    10/10
    imminentspywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks