zgrat | 487a543176a384b489baeac86827883be5228d292cb20fcb2c1b4352540e7ada | Triage

Submit
Reports

Overview

overview

Static

static

0c039ae079...3a.exe

windows7-x64

0c039ae079...3a.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

0c039ae079103810c8ff4e3c1e1d143a.exe
Size

1.8MB
Sample

240124-zxqcfshab7
MD5

0c039ae079103810c8ff4e3c1e1d143a
SHA1

cdb01dcb9f6a8b93beffc3e84b37bbfdefb7c3fe
SHA256

487a543176a384b489baeac86827883be5228d292cb20fcb2c1b4352540e7ada
SHA512

532f66a722d7d4bd8dd310c82c3cdb714c2eb101431360a924f8cb4ff70d35d10507ac4d7282de8a01de139412d304f7aacb14a83e76d2d6ac97e9d57b573eb7
SSDEEP

49152:Hb5T1ce/1pn9efIo4VkJ8Y0h4hrmgql7h:Hx1pjsgVkJ8Yag

Score

10^/10

zgrat rat spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

0c039ae079103810c8ff4e3c1e1d143a.exe

Resource

win7-20231129-en

zgrat rat spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

0c039ae079103810c8ff4e3c1e1d143a.exe

Resource

win10v2004-20231215-en

zgrat rat spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  0c039ae079103810c8ff4e3c1e1d143a.exe
- Size
  
  1.8MB
- MD5
  
  0c039ae079103810c8ff4e3c1e1d143a
- SHA1
  
  cdb01dcb9f6a8b93beffc3e84b37bbfdefb7c3fe
- SHA256
  
  487a543176a384b489baeac86827883be5228d292cb20fcb2c1b4352540e7ada
- SHA512
  
  532f66a722d7d4bd8dd310c82c3cdb714c2eb101431360a924f8cb4ff70d35d10507ac4d7282de8a01de139412d304f7aacb14a83e76d2d6ac97e9d57b573eb7
- SSDEEP
  
  49152:Hb5T1ce/1pn9efIo4VkJ8Y0h4hrmgql7h:Hx1pjsgVkJ8Yag
Score

10^/10

zgrat rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratratspywarestealer

behavioral2

zgratratspywarestealer

© 2018-2025

Terms | Privacy