zgrat

General

Target

56309013e03a789b632fcba8ad597c7c.bin
Size

3.0MB
Sample

231030-bywnvsab71
MD5

705f8c24bce9a1ef25e12736a60346e2
SHA1

709d14dcf0aa8de5e32baa8d6f9f6c8c7e22911b
SHA256

fb177086ac468f99df79709407302c22c9e9f810b0c7406f43e8b7605f407bd5
SHA512

679faa2f7168d1e4b4ca15e1e0400da0174fef950dc886912623ae80c67c8ca3e9de65aaa9c901a60c994794a87332e3d2b785ed5f514939e9796b126ca4c815
SSDEEP

49152:k4Fn6hrExpEYFpF1V6m9LZu60iVdrf2w2RZkhvMfFRE4Foqa/Kg363cp:zhqwDBDF1Em9LZ3qVZ8w4Woqa0u

Score

10^/10

Malware Config

Targets

- Target
  
  575d4d61e043f68fbc070d178284a2cacfb2ecaa0e352df98382e0fde7495f5f.exe
- Size
  
  4.3MB
- MD5
  
  56309013e03a789b632fcba8ad597c7c
- SHA1
  
  db3c9db10a06a2008473d56588b095a86585a721
- SHA256
  
  575d4d61e043f68fbc070d178284a2cacfb2ecaa0e352df98382e0fde7495f5f
- SHA512
  
  899f83ed79e8e8d042af61c345e0d2c78ac0c10c236a551b6717018830f12d1054d372d96ea1fbd41e3b0df10dfff1ad6b8976c84c19a153c8c6a7eb0bc39a35
- SSDEEP
  
  98304:qukQRR0kttJbYHP8KSaBRq4+gr++2fEzu6:HkWR0kdKPDSa3fr6f16
Score

10^/10

zgrat discovery rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect ZGRat V1

Deletes itself

Loads dropped DLL

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2