General
-
Target
a08b92e0ef621c731c9c9a0a38095df4515f95c8200e508d772cf533395bcab4
-
Size
1.5MB
-
Sample
240129-bhsx2aegb5
-
MD5
4dd426b5b9cb7f9bb7a1b1c057a0c951
-
SHA1
a6f9518d57d3a0fa683fb23842870d25f6b79133
-
SHA256
a08b92e0ef621c731c9c9a0a38095df4515f95c8200e508d772cf533395bcab4
-
SHA512
6eaf6ac8186d57dd3a6190fcc556686a9069c776118e4f55ebfb5361cb2b9e317eb7b9c67062f15a93d755ff01bc5563d18fd4453049e7347f16609b32d07d36
-
SSDEEP
24576:3hAk70TrcnXpatsCu7IfLKZnikPhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRo:OkQTA5Qw7CSikJo54clgLH+tkWJ0NC
Malware Config
Targets
-
-
Target
a08b92e0ef621c731c9c9a0a38095df4515f95c8200e508d772cf533395bcab4
-
Size
1.5MB
-
MD5
4dd426b5b9cb7f9bb7a1b1c057a0c951
-
SHA1
a6f9518d57d3a0fa683fb23842870d25f6b79133
-
SHA256
a08b92e0ef621c731c9c9a0a38095df4515f95c8200e508d772cf533395bcab4
-
SHA512
6eaf6ac8186d57dd3a6190fcc556686a9069c776118e4f55ebfb5361cb2b9e317eb7b9c67062f15a93d755ff01bc5563d18fd4453049e7347f16609b32d07d36
-
SSDEEP
24576:3hAk70TrcnXpatsCu7IfLKZnikPhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRo:OkQTA5Qw7CSikJo54clgLH+tkWJ0NC
Score10/10-
Detect ZGRat V1
-
Detects Echelon Stealer payload
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-