General

  • Target

    9b30b6f64c83acbd8e77c7754037ef8143edd20fc836f9b664553dc77f89609e

  • Size

    449KB

  • Sample

    240417-sryy3sfc3z

  • MD5

    63b83e62f8b5add207ee77727669cc11

  • SHA1

    6dad92c566eec726d7ab1195a3ff99930a8f4d9a

  • SHA256

    9b30b6f64c83acbd8e77c7754037ef8143edd20fc836f9b664553dc77f89609e

  • SHA512

    17fa4562e84a69e1b0c8dafa33970f6e3fce26f80b0c70ba60b338a8e93583d3cdfcf7455f82030be2d4a29e0dbc4197bfa9d99154a648024869fd53929cb6af

  • SSDEEP

    6144:c3OVgg81NCoKajzyFBmCh4j1nhGWC11meyRBPH+fEB+fl+7BVeri4uVP:c+A1NCoKRmChGhGRviPH+q+fmcTuVP

Score
10/10

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
