outsteel | ffad5217eb782aced4ab2c746b49891b496e1b90331ca24186f8349a5fa71a28 | Triage

Submit
Reports

Overview

overview

Static

static

1

ffad5217eb...28.exe

windows7-x64

ffad5217eb...28.exe

windows10-2004-x64

Sharing

General

Target

ffad5217eb782aced4ab2c746b49891b496e1b90331ca24186f8349a5fa71a28
Size

938KB
Sample

240410-sjwhzscd86
MD5

d7510192dd826e6c63266ba412c4a8c6
SHA1

e51431ab4448d503db3d154d1da7bec25eb5aaac
SHA256

ffad5217eb782aced4ab2c746b49891b496e1b90331ca24186f8349a5fa71a28
SHA512

d73107b3f061d95a10f3e2ae025bfccad587866d4ccca8a71b31d51f34119d5127ed313a96ef3fe3421939ae871575d5e7ff7fd28eb9b2ddb3eef7f29c528ebc
SSDEEP

12288:xtkuv9tmvboNKAM9qPg6f0blJwoodEJLaCyi5yH6CxBX5evFmwEH07i2Yvf+vMM4:xtkuv9mENKAiGolJwooKJVyVBpeERjM4

Score

10^/10

outsteel zgrat rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ffad5217eb782aced4ab2c746b49891b496e1b90331ca24186f8349a5fa71a28.exe

Resource

win7-20240221-en

outsteel zgrat rat spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ffad5217eb782aced4ab2c746b49891b496e1b90331ca24186f8349a5fa71a28.exe

Resource

win10v2004-20240226-en

outsteel zgrat rat spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  ffad5217eb782aced4ab2c746b49891b496e1b90331ca24186f8349a5fa71a28
- Size
  
  938KB
- MD5
  
  d7510192dd826e6c63266ba412c4a8c6
- SHA1
  
  e51431ab4448d503db3d154d1da7bec25eb5aaac
- SHA256
  
  ffad5217eb782aced4ab2c746b49891b496e1b90331ca24186f8349a5fa71a28
- SHA512
  
  d73107b3f061d95a10f3e2ae025bfccad587866d4ccca8a71b31d51f34119d5127ed313a96ef3fe3421939ae871575d5e7ff7fd28eb9b2ddb3eef7f29c528ebc
- SSDEEP
  
  12288:xtkuv9tmvboNKAM9qPg6f0blJwoodEJLaCyi5yH6CxBX5evFmwEH07i2Yvf+vMM4:xtkuv9mENKAiGolJwooKJVyVBpeERjM4
Score

10^/10

outsteel zgrat rat spyware stealer
- Detect ZGRat V2
- OutSteel
  OutSteel is a file uploader and document stealer written in AutoIT.
  stealer outsteel
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

outsteelzgratratspywarestealer

behavioral2

outsteelzgratratspywarestealer

© 2018-2024

Terms | Privacy