Overview

overview

10

Static

static

3

2730556179...ll.exe

windows7-x64

10

2730556179...ll.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2730556179_House Airway Bill.exe

  • Size

    1.9MB

  • Sample

    240126-q5w1jagecp

  • MD5

    6f26e568af616ae12da210e338d15ad2

  • SHA1

    7145c6875f89f1881fb6564d49671e54a95287fb

  • SHA256

    fefc63a2948e070ff4447b44700b1a83eef1ab7607338e969e16859b69ab6b20

  • SHA512

    7c119d3ceab44f3e1c681278d8099f9b9a2f68ce14e3a543aacc689a5efc08e45784f27223061d494a459fbdfa790afee7faf523a60ffc7dbbdc30716d71fa2a

  • SSDEEP

    49152:+0Y9ZI3Ags+4+355EUcSbtpBSlNLUyvp2R:pYDIxsl+EUzbFqNpv4R

Score
10/10
zgratcollectionpersistenceratspywarestealer

Malware Config

Targets

    • Target

      2730556179_House Airway Bill.exe

    • Size

      1.9MB

    • MD5

      6f26e568af616ae12da210e338d15ad2

    • SHA1

      7145c6875f89f1881fb6564d49671e54a95287fb

    • SHA256

      fefc63a2948e070ff4447b44700b1a83eef1ab7607338e969e16859b69ab6b20

    • SHA512

      7c119d3ceab44f3e1c681278d8099f9b9a2f68ce14e3a543aacc689a5efc08e45784f27223061d494a459fbdfa790afee7faf523a60ffc7dbbdc30716d71fa2a

    • SSDEEP

      49152:+0Y9ZI3Ags+4+355EUcSbtpBSlNLUyvp2R:pYDIxsl+EUzbFqNpv4R

    Score
    10/10
    zgratcollectionpersistenceratspywarestealer

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks