zgrat | 4ec050b4dfd931ed6d30256b3ed1d042f313860da23e7ca064aaf95ad83e257e | Triage

Submit
Reports

Overview

overview

Static

static

1

681ecd41ed...d6.exe

windows7-x64

681ecd41ed...d6.exe

windows10-2004-x64

1

Sharing

General

Target

681ecd41ed50e6b0ae4470991cd4a0d6.exe
Size

36KB
Sample

240428-t8talacc8z
MD5

681ecd41ed50e6b0ae4470991cd4a0d6
SHA1

0e5981933d18a50a8424700305420f492a71aafe
SHA256

4ec050b4dfd931ed6d30256b3ed1d042f313860da23e7ca064aaf95ad83e257e
SHA512

f0cb5e0adc627732c0e87b43173a7d0e14f3fe037505ca03f13b24b4d1fcc0a6085bb74d4b84c87c79caea264a6bf1991e9a43d9879737b8602e1179ef0e2769
SSDEEP

384:2QbMkYQbSKDQbkoKDVbJdpGKDGPGAttNyb8E9VF6IYinAM+oP9YkB/5OtMh:fIZA39EPGQJEpYinAMxhBTh

Score

10^/10

zgrat rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

681ecd41ed50e6b0ae4470991cd4a0d6.exe

Resource

win7-20240221-en

zgrat rat spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

681ecd41ed50e6b0ae4470991cd4a0d6.exe

Resource

win10v2004-20240419-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  681ecd41ed50e6b0ae4470991cd4a0d6.exe
- Size
  
  36KB
- MD5
  
  681ecd41ed50e6b0ae4470991cd4a0d6
- SHA1
  
  0e5981933d18a50a8424700305420f492a71aafe
- SHA256
  
  4ec050b4dfd931ed6d30256b3ed1d042f313860da23e7ca064aaf95ad83e257e
- SHA512
  
  f0cb5e0adc627732c0e87b43173a7d0e14f3fe037505ca03f13b24b4d1fcc0a6085bb74d4b84c87c79caea264a6bf1991e9a43d9879737b8602e1179ef0e2769
- SSDEEP
  
  384:2QbMkYQbSKDQbkoKDVbJdpGKDGPGAttNyb8E9VF6IYinAM+oP9YkB/5OtMh:fIZA39EPGQJEpYinAMxhBTh
Score

10^/10

zgrat rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

zgratratspywarestealer

behavioral2

© 2018-2024

Terms | Privacy