zgrat | 90e37120f871643e244d05b25538e1e2e1d25b8d778e2c70b16faf1e5af552d8 | Triage

Sharing

General

Target

Maple_1.92.zip
Size

2.0MB
Sample

240105-3dlfyacdhn
MD5

9d53dd91ca72f30a45425259753a4243
SHA1

dd3661e73099fe90af9a1d947119bdf6bc69b71c
SHA256

90e37120f871643e244d05b25538e1e2e1d25b8d778e2c70b16faf1e5af552d8
SHA512

934b11d53e0742d5b0ce267c7a80d250b58113846e4400222b8e02d38e7ab09611ef1a6a609550f701d2f861cbf7cf72f099c1a2cea66e3868c6848e3d7cbea8
SSDEEP

49152:vU/AUkfN65LVBAF13GIStKiOAkc1efEW95zpt8:c/XkfNFGBDgc1O9X8

Score

10^/10

zgrat discovery rat spyware stealer

Malware Config

Targets

- Target
  
  Maple 1.92/Maple192.exe
- Size
  
  660KB
- MD5
  
  a8ea2de85a8ee0f777bbfeb289465660
- SHA1
  
  033df554c3c5f7436560298a44082d7b51fe47bf
- SHA256
  
  512ebf3e392379dc7f08c8b20a4205096fbf0542e8d213c9f95354406d8d40d9
- SHA512
  
  207f9fd94dfb2cf549f3102ce45dbdc2fbe136eb7be7532cc8fc0136e93f11d1c8cc010b6e880283c6f145d692df46c0308123e98fa1052ad990807a050fe6de
- SSDEEP
  
  12288:NF+U6pymQZUtro2OxxjmCUkNfy0/iDl4v3KyoGPosSY0zCXFuZe8:NFOp9tEpCA90zlZh
Score

10^/10

zgrat discovery rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  Maple 1.92/inject.dll
- Size
  
  710KB
- MD5
  
  799a708c727e0b568fef2c33eb08f0c0
- SHA1
  
  9ebea706a1a247001ed271f75d25b1c7abcd190e
- SHA256
  
  0ae09488bc573d8418072fb0bddadf5b2d4b23abb4534382101485f3d5f41c84
- SHA512
  
  1038742b1642b791e69608f00dc6887e8243335568f27b845316e614aaba909f9cc2befcb29f37f3a8c85fcb0940b682277eeb91d45a989271d49ab5799185dc
- SSDEEP
  
  12288:URNm5/giQI3oF4WVmaCBvylXnWHtZ2rfqLf313AJ7IRdwhSd04/ORLhW:URNmJ6WvyJCtZ27u313EIwiORLI
Score

1^/10
behavioral3 behavioral4
- Target
  
  Maple 1.92/load.dll
- Size
  
  667KB
- MD5
  
  80f0d370a527d4d10bd1e78a42d93015
- SHA1
  
  c5cd80166ef3ca51300a5c6593adf5e5b2dab7f5
- SHA256
  
  e92d2fa8a26b88cf136c897692ed90728935a003b1e8d71bb96c31e379fffa65
- SHA512
  
  f4cac114417f8011a9e172152dd0ff42ca92ed3ad857cebb49b3cf3b0c24d1a20c5ab40e2b9ae057676e28ceeb209ef447ae908575c6bf6e01c9dd29754fe824
- SSDEEP
  
  12288:9i4Idp169W8FpJTtg1reve5GuAd+HX7UbSqMN3PJ7IRdwhS+nkHhu:9i4I0ZDDvqG+HXoRMN35IwEA
Score

1^/10
behavioral5 behavioral6
- Target
  
  Maple 1.92/prejit.dll
- Size
  
  6KB
- MD5
  
  a20d3d717deda051bb38fda5145bd929
- SHA1
  
  af378513f06e02478abaf80998b932d4c61f6bc0
- SHA256
  
  6b5f727da9216887ddb30bc94fc14de840dfbc2f29df118562662f8f2db3e92d
- SHA512
  
  f15d1ab5cec9b58f7b84c6f2a0cd7187ff926f2d00e402860d8d399adf9a445a55ad8a9de0f1c77d079c62c1dcde03ae0bdc78b5547845225bb3e6e0e5e8e06e
- SSDEEP
  
  96:2Gp6jABW0ifM9HzJ4dOtlcplXJVWl77hSFVe4lu6C2:2aekLtlKc7gFA40m
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratdiscoveryratspywarestealer

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8