Overview

overview

10

Static

static

10

3b2fd6cfa2...4f.exe

windows7-x64

10

3b2fd6cfa2...4f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b2fd6cfa20b53ed6d5d55c97ba3884f

  • Size

    1.5MB

  • Sample

    231231-13skfahed7

  • MD5

    3b2fd6cfa20b53ed6d5d55c97ba3884f

  • SHA1

    a19518b371bc708790bab3f3769d9472559a7de5

  • SHA256

    9258fb579d6597ae1cb061dc2dfcd3fdbc6d689f4844bae159bb3f75b9c1b8f6

  • SHA512

    339b9da108e46690d2c3363c8bedd1bb1f05b6e538b4befc49a44955a3a7f337a4f3e8605b42a15ac1ab36834318e7a82de191d759c05c6291d0551591551f73

  • SSDEEP

    24576:ox1k70TrcnXpatsCu7IfLKZnikPhhUF54clNf7+6uHAW92zt/sWu2BSMCqD8kgbS:ox1kQTA5Qw7CSikJo54clgLH+tkWJ0Zb

Score
10/10
echelonzgratratspywarestealer

Malware Config

Targets

    • Target

      3b2fd6cfa20b53ed6d5d55c97ba3884f

    • Size

      1.5MB

    • MD5

      3b2fd6cfa20b53ed6d5d55c97ba3884f

    • SHA1

      a19518b371bc708790bab3f3769d9472559a7de5

    • SHA256

      9258fb579d6597ae1cb061dc2dfcd3fdbc6d689f4844bae159bb3f75b9c1b8f6

    • SHA512

      339b9da108e46690d2c3363c8bedd1bb1f05b6e538b4befc49a44955a3a7f337a4f3e8605b42a15ac1ab36834318e7a82de191d759c05c6291d0551591551f73

    • SSDEEP

      24576:ox1k70TrcnXpatsCu7IfLKZnikPhhUF54clNf7+6uHAW92zt/sWu2BSMCqD8kgbS:ox1kQTA5Qw7CSikJo54clgLH+tkWJ0Zb

    Score
    10/10
    echelonzgratratspywarestealer

    • Detect ZGRat V1

    • Detects Echelon Stealer payload

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

      stealerspywareechelon

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks