Overview

overview

10

Static

static

3

SecuriteIn...58.exe

windows7-x64

10

SecuriteIn...58.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe

  • Size

    5KB

  • Sample

    231211-exk3hsead4

  • MD5

    8b95800de56f2a64f7b7cd95e86dd589

  • SHA1

    3a686e8fb346f6e7ad07b2fb10fea1faaed887bd

  • SHA256

    d0f93d98529b19fc436ea00567f23e9e012d440669b8e728e17d8d8e20a147cd

  • SHA512

    35d3e9b4a18e118e0879f09c6ce9cb17cdb7f8af37e8b55858f331755a5f8fee71939a2e25ba0e152f353d4f434ae8f82e91fcbf2f6af892af6739451724b099

  • SSDEEP

    96:yLuDs+WNUUrytGdcsq+kdk4uo5tdf2zNt:yi3u+Ecmf4PPQ

Score
10/10
zgratcollectionpersistenceratspywarestealer

Malware Config

Targets

    • Target

      SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe

    • Size

      5KB

    • MD5

      8b95800de56f2a64f7b7cd95e86dd589

    • SHA1

      3a686e8fb346f6e7ad07b2fb10fea1faaed887bd

    • SHA256

      d0f93d98529b19fc436ea00567f23e9e012d440669b8e728e17d8d8e20a147cd

    • SHA512

      35d3e9b4a18e118e0879f09c6ce9cb17cdb7f8af37e8b55858f331755a5f8fee71939a2e25ba0e152f353d4f434ae8f82e91fcbf2f6af892af6739451724b099

    • SSDEEP

      96:yLuDs+WNUUrytGdcsq+kdk4uo5tdf2zNt:yi3u+Ecmf4PPQ

    Score
    10/10
    zgratcollectionpersistenceratspywarestealer

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks