General

  • Target

    c58af9384d71e33bae1d8a032d9e7b19

  • Size

    4.0MB

  • Sample

    231228-fnm17afga4

  • MD5

    c58af9384d71e33bae1d8a032d9e7b19

  • SHA1

    15bd308104a7b2d05ba9fd03b3a4c5410afabc56

  • SHA256

    77189b22dfb8238a4837f95e3283150bca8105d618cc421cde8170644bcf878b

  • SHA512

    ac80eb00dcf2aec8a56e071281030b9c3ec57460b2a2c59b8db43ce51a60465a419ed1e5f887d7e2d8b41c0aaca226244bb52e7c72cccf44f477fcdad03aa3e8

  • SSDEEP

    49152:PSzzgkLJWvg/RdFy7/QhWwALywBDyVt4kWzzwskrk4NZXuMk6o9ufAXV4AK:

Malware Config

Targets

    • Target

      c58af9384d71e33bae1d8a032d9e7b19

    • Size

      4.0MB

    • MD5

      c58af9384d71e33bae1d8a032d9e7b19

    • SHA1

      15bd308104a7b2d05ba9fd03b3a4c5410afabc56

    • SHA256

      77189b22dfb8238a4837f95e3283150bca8105d618cc421cde8170644bcf878b

    • SHA512

      ac80eb00dcf2aec8a56e071281030b9c3ec57460b2a2c59b8db43ce51a60465a419ed1e5f887d7e2d8b41c0aaca226244bb52e7c72cccf44f477fcdad03aa3e8

    • SSDEEP

      49152:PSzzgkLJWvg/RdFy7/QhWwALywBDyVt4kWzzwskrk4NZXuMk6o9ufAXV4AK:

    • Detect ZGRat V1

    • Detects Echelon Stealer payload

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks