zgrat | d90447e02d86b3b7243f34abdebc6d9b918d3405b5091a4e7af3b24db63d7a7d | Triage

Submit
Reports

Overview

overview

Static

static

d90447e02d...7d.exe

windows7-x64

d90447e02d...7d.exe

windows10-2004-x64

Sharing

General

Target

d90447e02d86b3b7243f34abdebc6d9b918d3405b5091a4e7af3b24db63d7a7d.exe
Size

484KB
Sample

240101-ygwzmageem
MD5

b7b5b344c954ff3001df527a1cafeb14
SHA1

51bdf2a31e5dd5408f3dcc6f195142ff68ddeb95
SHA256

d90447e02d86b3b7243f34abdebc6d9b918d3405b5091a4e7af3b24db63d7a7d
SHA512

40cfab33285325859dc28f833d1acae839d27621a36503f6653442368e9131a0c0846b15c52298ea28c41d7e906c8bf68abf28935751fa1e6c70594eaa1fdc1a
SSDEEP

6144:djTnt5sJVZWFMqpmUbdfcPGalT/9oXT+akWoA5P4JnTrRFucI2XFDL2gEX:djTLskMqpmkdE1lz9o/X50Trjn1eh

Score

10^/10

zgrat discovery rat spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

d90447e02d86b3b7243f34abdebc6d9b918d3405b5091a4e7af3b24db63d7a7d.exe

Resource

win7-20231215-en

zgrat discovery rat spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d90447e02d86b3b7243f34abdebc6d9b918d3405b5091a4e7af3b24db63d7a7d.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  d90447e02d86b3b7243f34abdebc6d9b918d3405b5091a4e7af3b24db63d7a7d.exe
- Size
  
  484KB
- MD5
  
  b7b5b344c954ff3001df527a1cafeb14
- SHA1
  
  51bdf2a31e5dd5408f3dcc6f195142ff68ddeb95
- SHA256
  
  d90447e02d86b3b7243f34abdebc6d9b918d3405b5091a4e7af3b24db63d7a7d
- SHA512
  
  40cfab33285325859dc28f833d1acae839d27621a36503f6653442368e9131a0c0846b15c52298ea28c41d7e906c8bf68abf28935751fa1e6c70594eaa1fdc1a
- SSDEEP
  
  6144:djTnt5sJVZWFMqpmUbdfcPGalT/9oXT+akWoA5P4JnTrRFucI2XFDL2gEX:djTLskMqpmkdE1lz9o/X50Trjn1eh
Score

10^/10

zgrat discovery rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratdiscoveryratspywarestealer

behavioral2

© 2018-2025

Terms | Privacy