zgrat | 610fcf9f81cac31fcd0ef2569daad2a4fd8a989d9295e663442a3049739f3395 | Triage

Submit
Reports

Overview

overview

Static

static

95D77ABC7F...2C.exe

windows7-x64

95D77ABC7F...2C.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

95D77ABC7FCC0ADCC0E1E14F92628D2C.exe
Size

3.6MB
Sample

240122-rtq6ksgggp
MD5

95d77abc7fcc0adcc0e1e14f92628d2c
SHA1

ff01b31a3e3c0ee13b60d6ace94f22dbc34d4548
SHA256

610fcf9f81cac31fcd0ef2569daad2a4fd8a989d9295e663442a3049739f3395
SHA512

3ce281fd730aa1ceef6fc308c90fab6c0f48e8ef3e61c1baf6ada36d10e4810707dcffb756364fcae1b73660e972418c67a4121cb8f67f4b1cab8b0238d0202b
SSDEEP

98304:twP52OwKRqyG3efsj6CGf2oP0xt+OtzWKUnVN:twPOws++oP0T+OQP

Score

10^/10

zgrat rat spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

95D77ABC7FCC0ADCC0E1E14F92628D2C.exe

Resource

win7-20231215-en

zgrat rat spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

95D77ABC7FCC0ADCC0E1E14F92628D2C.exe

Resource

win10v2004-20231215-en

zgrat rat spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  95D77ABC7FCC0ADCC0E1E14F92628D2C.exe
- Size
  
  3.6MB
- MD5
  
  95d77abc7fcc0adcc0e1e14f92628d2c
- SHA1
  
  ff01b31a3e3c0ee13b60d6ace94f22dbc34d4548
- SHA256
  
  610fcf9f81cac31fcd0ef2569daad2a4fd8a989d9295e663442a3049739f3395
- SHA512
  
  3ce281fd730aa1ceef6fc308c90fab6c0f48e8ef3e61c1baf6ada36d10e4810707dcffb756364fcae1b73660e972418c67a4121cb8f67f4b1cab8b0238d0202b
- SSDEEP
  
  98304:twP52OwKRqyG3efsj6CGf2oP0xt+OtzWKUnVN:twPOws++oP0T+OQP
Score

10^/10

zgrat rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratratspywarestealer

behavioral2

zgratratspywarestealer

© 2018-2025

Terms | Privacy