zgrat | 099d824705f8ae8fc4a018a21a7c893de9385841dcb6c9629e2565c718368c05 | Triage

Submit
Reports

Overview

overview

Static

static

3

f8170ab44e...18.exe

windows7-x64

f8170ab44e...18.exe

windows10-2004-x64

Sharing

General

Target

f8170ab44e4c08d2088104a02aae5f40_JaffaCakes118
Size

939KB
Sample

240418-qppxaaed89
MD5

f8170ab44e4c08d2088104a02aae5f40
SHA1

e03ecbc4d42e94818ef900ba50e1ffaa25c59281
SHA256

099d824705f8ae8fc4a018a21a7c893de9385841dcb6c9629e2565c718368c05
SHA512

fedf7b92f800ed3e990d93e13db6104a1a99cb9d91bfbe8c1683764c1b11ce63b05d54260a4936da991d09b439559a05dd5b73720a3648401539d08abbb38b48
SSDEEP

12288:WjVLFvth+w7GodQpbelTQ2JK7Q0+AnCG53rfFBe1QZoU8:Wjvv/Nv+kTQ2XNYCG5TFBeOuU8

Score

10^/10

zgrat collection rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f8170ab44e4c08d2088104a02aae5f40_JaffaCakes118.exe

Resource

win7-20240221-en

zgrat collection rat spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

f8170ab44e4c08d2088104a02aae5f40_JaffaCakes118.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  f8170ab44e4c08d2088104a02aae5f40_JaffaCakes118
- Size
  
  939KB
- MD5
  
  f8170ab44e4c08d2088104a02aae5f40
- SHA1
  
  e03ecbc4d42e94818ef900ba50e1ffaa25c59281
- SHA256
  
  099d824705f8ae8fc4a018a21a7c893de9385841dcb6c9629e2565c718368c05
- SHA512
  
  fedf7b92f800ed3e990d93e13db6104a1a99cb9d91bfbe8c1683764c1b11ce63b05d54260a4936da991d09b439559a05dd5b73720a3648401539d08abbb38b48
- SSDEEP
  
  12288:WjVLFvth+w7GodQpbelTQ2JK7Q0+AnCG53rfFBe1QZoU8:Wjvv/Nv+kTQ2XNYCG5TFBeOuU8
Score

10^/10

zgrat collection rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

zgratcollectionratspywarestealer

behavioral2

© 2018-2024

Terms | Privacy