General
-
Target
69c10e8fa7d800c4a24b36dffec2cea7
-
Size
2.4MB
-
Sample
240120-hh7vhsdebk
-
MD5
69c10e8fa7d800c4a24b36dffec2cea7
-
SHA1
07bea76542382f9613d4de5da9b36abb3276988d
-
SHA256
562720cf37245f6bdf71692343b7d7ccc2187e45979e957b86407a21aa83854c
-
SHA512
4cd0dbb29192a8ebc31abd673aa7983a6e2f24e89cc684fb720777aaf5a692010c6f800e1f50b9ffbc9dea397d97a91118a0325cfc4337d83cb2296a6b68bd6f
-
SSDEEP
49152:IzecMn91vjBteouiARLrW8oj12yoYBGfUjAIgX2z2r:gu9dNtb4nWpjIYBCv9
Malware Config
Targets
-
-
Target
69c10e8fa7d800c4a24b36dffec2cea7
-
Size
2.4MB
-
MD5
69c10e8fa7d800c4a24b36dffec2cea7
-
SHA1
07bea76542382f9613d4de5da9b36abb3276988d
-
SHA256
562720cf37245f6bdf71692343b7d7ccc2187e45979e957b86407a21aa83854c
-
SHA512
4cd0dbb29192a8ebc31abd673aa7983a6e2f24e89cc684fb720777aaf5a692010c6f800e1f50b9ffbc9dea397d97a91118a0325cfc4337d83cb2296a6b68bd6f
-
SSDEEP
49152:IzecMn91vjBteouiARLrW8oj12yoYBGfUjAIgX2z2r:gu9dNtb4nWpjIYBCv9
Score10/10-
Detect ZGRat V1
-
Detects Echelon Stealer payload
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-