Overview

overview

10

Static

static

3

Vision Executor.exe

windows7-x64

10

Vision Executor.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Vision Executor.exe

  • Size

    250.0MB

  • Sample

    240113-fmblrsdag8

  • MD5

    e6d1edaa279158511b0d5771e65c63e4

  • SHA1

    a746890a77711c28949b922e0ef894b79e898efb

  • SHA256

    dc1c6ce161f6ef57c7b7756fb856c4420c1cb4df0f78dec2158c2d6dfb57c158

  • SHA512

    61c1869974ae6b1ad68e7bd676dbc68b3dcc92addec8b49f42ebd730bec347e7f7a4a3d0ac90a56c6b35b30bcb81dc36e49241b6042d2491f676c25d10b507ae

  • SSDEEP

    49152:njcYbf5n0h9DPI0V6jK+r6WyRtGQy6kq5vHhAY27DbEbT/N:w2U3+r6WyRt1xHr

Score
10/10
zgratratspyware

Malware Config

Targets

    • Target

      Vision Executor.exe

    • Size

      250.0MB

    • MD5

      e6d1edaa279158511b0d5771e65c63e4

    • SHA1

      a746890a77711c28949b922e0ef894b79e898efb

    • SHA256

      dc1c6ce161f6ef57c7b7756fb856c4420c1cb4df0f78dec2158c2d6dfb57c158

    • SHA512

      61c1869974ae6b1ad68e7bd676dbc68b3dcc92addec8b49f42ebd730bec347e7f7a4a3d0ac90a56c6b35b30bcb81dc36e49241b6042d2491f676c25d10b507ae

    • SSDEEP

      49152:njcYbf5n0h9DPI0V6jK+r6WyRtGQy6kq5vHhAY27DbEbT/N:w2U3+r6WyRt1xHr

    Score
    10/10
    zgratratspyware

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks