zgrat | 84713aa9c504e1e41b1fb05b4443d88045964ef157b3b7982c8606b848fcfb11 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

84713aa9c504e1e41b1fb05b4443d88045964ef157b3b.exe
Size

2.3MB
Sample

240104-28414aedc9
MD5

037949445f001bdf36221ac7706d6c08
SHA1

e569b6fe33005da318b299d1d4217676134a437f
SHA256

84713aa9c504e1e41b1fb05b4443d88045964ef157b3b7982c8606b848fcfb11
SHA512

d8dcc6951d5078fb052f7f66ec458ed83f319258a624b30cda432ce284e0de206947f3cf541207db211fda1480f41001c15817aabd9658bdc9669b8db99f641b
SSDEEP

24576:khpvA1hjmzG0wefmNIkjC646slkl19sCkfTfE/NGXdQGwct2pohPYIh:Eo1hjl0wDWkj1elkl1A7EEGFE3

Score

10^/10

zgrat rat spyware

Malware Config

Targets

- Target
  
  84713aa9c504e1e41b1fb05b4443d88045964ef157b3b.exe
- Size
  
  2.3MB
- MD5
  
  037949445f001bdf36221ac7706d6c08
- SHA1
  
  e569b6fe33005da318b299d1d4217676134a437f
- SHA256
  
  84713aa9c504e1e41b1fb05b4443d88045964ef157b3b7982c8606b848fcfb11
- SHA512
  
  d8dcc6951d5078fb052f7f66ec458ed83f319258a624b30cda432ce284e0de206947f3cf541207db211fda1480f41001c15817aabd9658bdc9669b8db99f641b
- SSDEEP
  
  24576:khpvA1hjmzG0wefmNIkjC646slkl19sCkfTfE/NGXdQGwct2pohPYIh:Eo1hjl0wDWkj1elkl1A7EEGFE3
Score

10^/10

zgrat rat spyware
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

zgratratspyware