General

  • Target

    76fad3569cffe8e8d91bf06b545ec346

  • Size

    1.5MB

  • Sample

    240126-lb5y5abhaj

  • MD5

    76fad3569cffe8e8d91bf06b545ec346

  • SHA1

    1b5bf0f630c9c354d80caccf3e4a18342450197a

  • SHA256

    b5943edb5bc6de1fdcee0d555aafb3fcc2e6cdaaec8a5415caaada2328501e83

  • SHA512

    75ab8c69cb6a5b55656341cce8eaf654fd3a37b6b2e2ea48f1cafe4a8baf6efbca51c9bebc310564f60393cb56efa5f3a9176b1a6a1f6a1b0634e371b639424d

  • SSDEEP

    24576:Fo8k70TrcnXpatsCu7IfLKZnikPhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRRD:Fo8kQTA5Qw7CSikJo54clgLH+tkWJ0N7

Malware Config

Targets

    • Detect ZGRat V1

    • Detects Echelon Stealer payload

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks