General

  • Target

    1c5dc315ad31a535dee591cb30d3e461e010831fafc705145b7e99f6790b6766

  • Size

    411KB

  • Sample

    240418-spcytshf8z

  • MD5

    0466201bfef35e895f337de2ea24daa3

  • SHA1

    09e4195fb70595c361dd7ad7f59000c1beb10f14

  • SHA256

    1c5dc315ad31a535dee591cb30d3e461e010831fafc705145b7e99f6790b6766

  • SHA512

    e834ff974e03879405c79575d0ba7d61df322d01281c9ebd84515917f8a68a5e0075c9ad358c2be305597a8dbe36a100c92c2098d3b255946447e987c7784ac4

  • SSDEEP

    6144:fmFaLLIPKVobroerIKzrJ+USSgaFLO33bd3C7U2tv0JEPcYe7Zzt8Qv:fmFaPIJQrQJiSgfxevQEPc9BtLv

Score
10/10

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
