zgrat

Sharing

Copy URL

Twitter E-mail

General

Target

PowerISO8-x64 (1).exe
Size

4.9MB
Sample

240420-s6a6kabh68
MD5

d884550a8b075167353db3bc9118dd18
SHA1

5975cbc800d452546a0ec7456d19fccc15ed085a
SHA256

be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb
SHA512

0ec1d112ddb81485c87c68d47e46607e66f7ba60860eea6bb647560ae766af4f41fda002c329de7981fc1a15b5ceffc18fc57c86f42f70bbde427db65027f9bf
SSDEEP

98304:Mu69FGH5tiGVX3FFi1m3fNwyZCe35LC7phV3+0pE34HVdL+8:l69sH54G5uINdZCeJwphQoVdK8

Score

10^/10

Malware Config

Targets

- Target
  
  PowerISO8-x64 (1).exe
- Size
  
  4.9MB
- MD5
  
  d884550a8b075167353db3bc9118dd18
- SHA1
  
  5975cbc800d452546a0ec7456d19fccc15ed085a
- SHA256
  
  be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb
- SHA512
  
  0ec1d112ddb81485c87c68d47e46607e66f7ba60860eea6bb647560ae766af4f41fda002c329de7981fc1a15b5ceffc18fc57c86f42f70bbde427db65027f9bf
- SSDEEP
  
  98304:Mu69FGH5tiGVX3FFi1m3fNwyZCe35LC7phV3+0pE34HVdL+8:l69sH54G5uINdZCeJwphQoVdK8
Score

10^/10

zgrat discovery persistence rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  $0
- Size
  
  135KB
- MD5
  
  92eae8dec1f992db12aa23d9d55f264a
- SHA1
  
  add6697b8c1c71980e391619e81e0bada05e38ee
- SHA256
  
  d01a58e0a222e4d301b75ae80150d8cbc17f56b3f6458352d2c7c449be302eee
- SHA512
  
  443a12a1a49e388725ee347e650297ba5268d655acd08e623ea988cde07ae08ae861620b600fb223358339eeab926fee1c8377386501310c68a3eb9515649441
- SSDEEP
  
  3072:hl1VSgPra4TD5Yt2JVLuPIqEjOZN7mPARacgx:hl3DtYtm+Ij2aZ
Score

1^/10
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  8cf2ac271d7679b1d68eefc1ae0c5618
- SHA1
  
  7cc1caaa747ee16dc894a600a4256f64fa65a9b8
- SHA256
  
  6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
- SHA512
  
  ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
- SSDEEP
  
  192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  68KB
- MD5
  
  ca2542b0e66e48d7e3f361c8eef8f720
- SHA1
  
  368093fbcbf5dfe2cd58e77f2d6eee7ea5b808cb
- SHA256
  
  4566dfcc153cba168a02eebc5ddd9d82832cf463ebb8ecb4ec2f269f9f85aeca
- SHA512
  
  72296dd3d0a741caf051a326cd703b59132136bccbe43c000cf4e57e3d7955aa812501a59f4f62530b2a2b8a73bebf55d32aa428a869c4c840fc16bca1788a33
- SSDEEP
  
  384:tZfV37EjIopEmmR2vqTf73cynNOBD97H5x1QJOa5/LIsW4Jl7tJegwf0NY:rejIodmMiTDzNOBV/o5/jJl7DTNY
Score

3^/10
behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ec9640b70e07141febbe2cd4cc42510f
- SHA1
  
  64a5e4b90e5fe62aa40e7ac9e16342ed066f0306
- SHA256
  
  c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188
- SHA512
  
  47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe
- SSDEEP
  
  192:oRsHeylO012En8pqHtcE0PuAgkOyPIFc:sATI0d8pUP0WAgkBPIFc
Score

3^/10
behavioral5
- Target
  
  $TEMP/$0
- Size
  
  29KB
- MD5
  
  c3b224d15a9036805575b2ff0bcefeda
- SHA1
  
  74779ae82a97e97d770435d097821810f16c97c5
- SHA256
  
  23d8aeff49ffbac9f9490e9739e059cd7064516dbcd693fe2de77830b127ff8a
- SHA512
  
  5a5d98cc9a4aca076049340a4645879a8e4a1d2e24a672015627446d7e3729acf0b64bc8a0f702b8da735d22607fe13ba3ef6a497a57891804576899b06bb461
- SSDEEP
  
  384:XE+iXOWKqv0WEXSvQiJb7Mejv14ESgQaMOaA9qqKYu8iFz/pvow3PrCDaU2:XxspKA0ZiVfWEVUfYuhFzVowOD
Score

1^/10
behavioral6
- Target
  
  Lang/Arabic.lng
- Size
  
  44KB
- MD5
  
  df394959eb900bc4500324b7e1a674f1
- SHA1
  
  3e5863b8e7a70f5c963342cb07bf219c3033fb96
- SHA256
  
  566220bd0badc31c82ceedce53cb17b8c009e2ae5c1df4e32690274d3511b014
- SHA512
  
  4ab2832e0e6028b3911d9f758788a0f3aa710b8bec1cc215d381e4ea0017f4ce2240bb3f38778c1d62c33c364117c3ac70091383f2deff72d4d971f10125d47d
- SSDEEP
  
  768:dPJmWqNK962z5OxPIRSuB3oSpWV3n7RhC2Ct0OEQSy+EZyZSYZiZQSLao/KOBi1:ag2VnfCt0py+C8
Score

3^/10
behavioral7
- Target
  
  Lang/Armenian.lng
- Size
  
  47KB
- MD5
  
  39a9944552e746501be30e128f511471
- SHA1
  
  007dfade843e60a58a32c8fed705e7a8b60abfe4
- SHA256
  
  75b9ed8ead6235aa0caedab794b353e3a74957f82d3c0c938a1dffcfe9f54bab
- SHA512
  
  3009dcdb35344c19ccced8ee1b523d0e17c54dabf7faa4eba988409893e7bdbb5ffdb4bc21065568c59de94e21ddd1b3e47791abdb73f8b5e3a9cbd72a262b79
- SSDEEP
  
  768:7iDJKUJ9klUZDZGOEIThhmD/PFe54mVzA1:WDJAatGUhwD/9e5PFI
Score

3^/10
behavioral8
- Target
  
  Lang/Azerbaijani.lng
- Size
  
  48KB
- MD5
  
  78a717846a059de665e889e05313ea9a
- SHA1
  
  67737ad90520e588d7271bd42fc0c1333b442a8c
- SHA256
  
  696307e616727c3ef2b791916d4a340cac85c6ede86bed1b0322e5e37ca66043
- SHA512
  
  a08944180c73786f16dea1ca18e9819805077e8da778e989c7cd910bcca33a8a310a516d7361158f34e099594716218471a149a3c04a94a654d9b9056cfc7209
- SSDEEP
  
  1536:GTeglSTzoHszjEw5FPHh10xUHr0FTQZtyLVhVtP7pHw3pPb5vFyap1:GTeglSTzoHszjEw5FPHh1gUHr0FTQZtx
Score

3^/10
behavioral9
- Target
  
  Lang/Belarusian.lng
- Size
  
  89KB
- MD5
  
  52374ebf32ba06f759a20a644dbbe838
- SHA1
  
  b7d5e06a7fe1ba3d7979e90689cc0f8312517921
- SHA256
  
  7e80b73e66232e8ca164aded1a08f63fabe65e4e38859963e6d5541f7f7ab300
- SHA512
  
  15802e6ef85bcc1f1816d5794f5d156f27f32443943c3feaff1f0d94e656396f54cfc5adf22d50e214349334126ad3135656b434c8712aeb60b1aee17e21098a
- SSDEEP
  
  768:jYOS3i3eMryxyJajwIYEPdlHSGcvbHsLl4Kj+PuO1vARXz8/1d7AkjVVgD30iUSW:jnYjMYQe+LhARXgd7AkjEWJ
Score

3^/10
behavioral10
- Target
  
  Lang/Bosnian.lng
- Size
  
  57KB
- MD5
  
  27e3f9caf5c2f6f56d05839db1f55dd1
- SHA1
  
  4d2b7f09246d97cf6d96cb0c1374093d197a7a8d
- SHA256
  
  7be27864827af5ffeb2b8582f52d47eee58ffe84719512cfe721720abc5383c7
- SHA512
  
  bfa56a4a410bd66f3e73555c932369a14508a390847c25b21e95e3ad4e22ba93d9251bf41e0c0454f883bed8bac57f6fe19bfb9234dafa3c6e0dc48268c2ddbe
- SSDEEP
  
  1536:nNL6vzffq9+9fB4UnDvDK04t2WfN39ROFvZzk3cjcUA544JUNkOIAnYTH:nNL6vzffq9qfBjDvDgiFvZzkMjcUA9Jj
Score

3^/10
behavioral11
- Target
  
  Lang/Bulgarian.lng
- Size
  
  106KB
- MD5
  
  fa5b927ed89b89022006fe42de40e477
- SHA1
  
  2e5b11b632f2ffd6fff2ba4604ac9bb0a783ff27
- SHA256
  
  ec7a79df223d5a3851f962bf21855dbe09dc0768e6cc6e5803526e2e16089c6f
- SHA512
  
  ce33319f21e8b1a95a3302199ac92be84c73899b7f16ef5f3e50ef70f0b8c62cf15f83dbd1d1ec27a5feedbfdb74cae2e7f77a93ddbae9c6d0f773cc348e898b
- SSDEEP
  
  768:hsAVL3avxrDvlXO+946ZgAXxM82HkcyrXv+ZHAdZFj:FixrDv4/VAXF2kcyLv+ZHANj
Score

3^/10
behavioral12
- Target
  
  Lang/Dutch.lng
- Size
  
  111KB
- MD5
  
  45bed06275ca8abb2c4423c6453b7ecf
- SHA1
  
  bf85cd68a047f27968c886abd10395333647153b
- SHA256
  
  9c943144847227a9aa7c2705ce36a67a35dc1d85c1b17d6466b62116e9cb0af2
- SHA512
  
  e2a648a813327c5bab9e6efefddf1373bc925c269a8216b82a91d625ae96736a14a9f9c948c2d78d89db7c3ed6bc6548fbf72ae0422b701bb771b80576df6d2f
- SSDEEP
  
  3072:zsAN30Gm4Wp/91E7qjoPdjFpaSni4H1YJDhzFHDEqzoJQUEW9H61h4QsiD9TorfP:oRI1B
Score

3^/10
behavioral13
- Target
  
  Lang/Finnish.lng
- Size
  
  64KB
- MD5
  
  2f9aa74f68d74f574c29bf7c0b964358
- SHA1
  
  5d3c6026ec57837f373b8f5f2cc05043721db73b
- SHA256
  
  a28569aaa735d3fcf9934460b283e47a8c510ea80439c57ded797d7d767c9a47
- SHA512
  
  7bc0f83ac43b8cb4294ad4bf169c583f6b5948b92ac30a2626736bec204811a4562d3274819a7828ac787e22644e9f2ed2463fe3903ceccd98aa73c11811cb8a
- SSDEEP
  
  1536:OYMktSVGbvcj8m7Kp1e7it8oMlrzfSIsYJQ4WbgZyh:OYMktSVGbvcj8mOp1e7roMlrzfSIsYJu
Score

3^/10
behavioral14
- Target
  
  Lang/Greek.lng
- Size
  
  115KB
- MD5
  
  fc4dedb73e9e7ea23341f0e06bdbd60f
- SHA1
  
  3aa8df019d70a474ae8918f8ac8847763360de3d
- SHA256
  
  48ad97a8671a0359e0f16ae4d43a14188bb3af4ae2d0870f31fd389b9c63e516
- SHA512
  
  c122c8477680fb7ff93b7f75df038c0c5e5544af9c435ee9708e434d34141fa975707ebe700a952da39bebf86dbc1f3d7739831e8a61ed5f3c24c1fdc0958fd6
- SSDEEP
  
  3072:wGkRO83NBYBkbJM6oIcyyGN5JJ5cXT88OKXBZQjtpPz+:QpO/jgtU
Score

3^/10
behavioral15
- Target
  
  Lang/Indonesian.lng
- Size
  
  73KB
- MD5
  
  590c45a771ec412f469d3fc512692bd4
- SHA1
  
  ca045c7d5995670f5d251542826739c43294cc62
- SHA256
  
  1832c7639f5ca292d617f7e61a502aad96ef40c38b5407ec84057aa63a250c86
- SHA512
  
  ac02f5306cb8dfdfc817dd73e172a203e446c198812452eed8f74116a85818fc67f8b8d7ff3beb98a0f5965e6e9f68194c8a539e602535b082788467404fa811
- SSDEEP
  
  768:09Knw9XvwyQnBa9ILKGQfH+26WJYLsVKlFNbHlbF:zgs/Ee28FTF
Score

3^/10
behavioral16
- Target
  
  Lang/Japanese.lng
- Size
  
  39KB
- MD5
  
  23bc2f15ff712025997a0e018262cade
- SHA1
  
  d952f3a25635894fcf67a02134fdbb5d3505b70a
- SHA256
  
  502ad727c773c7fe4bea5c1644da44f03c311a7ec4d72d23fa4c619e18c53d5a
- SHA512
  
  860931180291caf139e500fb4ec58899fb3a7db57cffeb56db3d2dae0cf577848bcda6d26dd6e20a181ef6a678913b9883a62f5e07f787b59bce54e83d829bf9
- SSDEEP
  
  768:qQ2Kv6S6+ORymX0IYsAxK8JOn8Q9PxlK73ft:9NIbX0Ivnp9vK7F
Score

3^/10
behavioral17
- Target
  
  Lang/Lithuanian.lng
- Size
  
  46KB
- MD5
  
  071ce70a4cd0fad14c843e8a02b159af
- SHA1
  
  64efcb326739650c9e6d480f33477ce1bc286537
- SHA256
  
  3c2103115e8d1f5251a5294605e2863387d9921a43530571cdb2bb43f63eba4d
- SHA512
  
  19004622d02add96b75bb920f4b772df014c307a9b2d4fb730cf68f4e4eb03d905138d44c2d92f957a081cdc3435016aef43ff3d2dd4c64f9b25cf5fa220eb8e
- SSDEEP
  
  768:9DGXwiOlbPpw7qN5EHNmMrSc1Wv0JjMTLouVTGOEsyrC35G/3wfGL1:6ebW7qNSpJsTGCyqU/gfu
Score

3^/10
behavioral18
- Target
  
  Lang/Norsk.lng
- Size
  
  95KB
- MD5
  
  0f4841f83c8597bd7e11a152c924572e
- SHA1
  
  3401ae67615f52fb90322a968c531d11c82659a4
- SHA256
  
  04fcd3084b3759ea6ae31551c9b344fa1cd26b555fd9e9fe36c9313de72c9052
- SHA512
  
  c94e8ee36f347b948fa551941016b0f99613267901d089aba3fb53ef7759ca4071ca3df307f3bff6d04c8ef16b69a6d9cc85942357b49d26cd936bcf22a75259
- SSDEEP
  
  1536:dwqUt34hhY/GG0Xpa2Hnjv4dYbiZCmidim/85Wtbw8N6lPbJFtdjSK7DthKuMLPA:dBUt34hhY/GG0Xpa2HnjwdYbiZCmidiX
Score

3^/10
behavioral19
- Target
  
  Lang/Portuguese(Brazil).lng
- Size
  
  113KB
- MD5
  
  8c8f7d9612d468caab77ebba6af6605a
- SHA1
  
  49948c06b5c900ca86bea3437bf2d9ae34a31f32
- SHA256
  
  953131a00d676369db93e31c39d26919bdea16aa397aecf625f05708a8c809c2
- SHA512
  
  1a3fb2e597c0ace83c15762bd3d43070971541ecf769268ad138e36fea41356895790f95a0695be98ae0cbc0a68c31f550ffa5e5192283246f77e5d54ac72f66
- SSDEEP
  
  1536:HEaItTAuGUZLMLP0LzXCRXuAViIdPa3JO9ORi7tr:kaItTLZYLpcEoRil
Score

1^/10
behavioral20
- Target
  
  Lang/Russian.lng
- Size
  
  95KB
- MD5
  
  963c126ddc71fb8c461045f526dea843
- SHA1
  
  e8c620a5a1ab65f8ced98b72ec2ab80e97429ff5
- SHA256
  
  49f96df6dfd30bb10e3ed15dc0ffe65eaf173f96ae5edefeb0d83e2b66155aae
- SHA512
  
  abe24eaeaaa3dc460d8dfa622f1173c2741cf9a2b84a094fb290eb120b3c46c4b91a149ccf95dc5502f7a27e3684eab808f74eeb1c8054825f9f61745ecb0a2c
- SSDEEP
  
  768:EO1IDjrNtGG2oZVzU01U+I7wB/bPxBUexysYQ:J+rfGzozzdVBUexyY
Score

3^/10
behavioral21
- Target
  
  Lang/SimpChinese.lng
- Size
  
  42KB
- MD5
  
  0141ebfde7cf2b57d6e679be189dae36
- SHA1
  
  d49d0ec9aa37eca802e30716ce3b534bf00ab263
- SHA256
  
  9b17b55cabc0f7ae7485c62cda0b94868752d23ebc02df8b78cfbc2d2bd83f71
- SHA512
  
  fc972cb24f94b717cd0078d224ddd5ae6c54048eb0feb5dea42ebc1555aecea306f299c66d3d33292c39bb4f222502623080e06b08a3f1f3aa37a926f3df0633
- SSDEEP
  
  768:Z+ml9UnF5vFQ995gbKrkm0EGDEhZgVHM8EYeQoOSm0ayOpfo+DazIEJ:AmlULvFU95gbKAm0BbVHM8ELEpo+DjEJ
Score

3^/10
behavioral22
- Target
  
  Lang/Spanish.lng
- Size
  
  113KB
- MD5
  
  ba8bd5031a2af05eba064b08e2305b3a
- SHA1
  
  67f57d33cda9c12338a49db3a82f97dedc56c1af
- SHA256
  
  cadac9fc02efb5922dc5cb89878de1228fdd10cd50ccc930f3bebb90313b2cb6
- SHA512
  
  f3e49e122f12d6d56ba46538aa6c31ba343cc7727fefa2467b7afac1331057e126d3b0d4da48791c8e7ca81dceab9b774c2d55be3428ca513b0f92db581f10dd
- SSDEEP
  
  1536:T3SMia0jhJunWhnTHU6taY1GFqxYu/QaXmqeEbBeR:T3SMiapnY06taY1GFBu/Qa2q/bk
Score

3^/10
behavioral23
- Target
  
  Lang/Thai.lng
- Size
  
  40KB
- MD5
  
  eb7287a2f3386731a82482874d7b1480
- SHA1
  
  861738c334c0f055c6a7389ec683e52588a28323
- SHA256
  
  b02cff6bbad76ae35133d43e38d2066ea62b9bbdad10593533acc29abb0c688e
- SHA512
  
  decc184fdc4098d3a3ba216e4b522e973b3a879340e0b41c4745f5cef00f09503688a379323de95c55a57d5fee1e3fc84c56cc24133ccc2aeb0846961fba5060
- SSDEEP
  
  768:CpvMuIaKejzM75JCIT0874dq1/0z0fx+I+lt3MlloBizlPtO1lRGOEy7SCplKm3L:mv/5KGM75UQxB0uXzl1O1lRGoZplKmXr
Score

3^/10
behavioral24
- Target
  
  Lang/Turkish.lng
- Size
  
  105KB
- MD5
  
  7e33e7c592d94d166623ee775d89f82a
- SHA1
  
  5461026703760b2888c269691a0f1252862185a4
- SHA256
  
  9342917a8192c104218c571d647205126c25ae6c22c3e39c8e70a1208c0cb4f0
- SHA512
  
  af5d49e9b893fdc5ee1db756298001d042b33bb17dd88e16e75fe7a6299b2c24443648ccf53b4597445e9561f54733daade671eff0334bfad610d6eb232ab660
- SSDEEP
  
  3072:scpVDh/XmDNtyZe6BI5jYrbf4ceQZVxmMDhFSltRdVDOG5iNK7e2o0d5Z00tgQne:tlDerVD4Uhj0
Score

3^/10
behavioral25
- Target
  
  Lang/Urdu(Pakistan).lng
- Size
  
  53KB
- MD5
  
  38cfde2f37d4e7d11a992ce6aa3bfba8
- SHA1
  
  90aea403d5645172c3159325d2e0280c40cf52b1
- SHA256
  
  f76bbc98150882bb51cc052fe1a2882335c65bc8b1ec0b34bd118df8c18e3db2
- SHA512
  
  4344e20cbb9277f07877318e56d35b9c017b36f2b24e4baa4dfffa260e1a8eeab711d9cca6f49862ec591a14f2bd117d85d9cb735bbf0bc0eca15c398855f111
- SSDEEP
  
  384:U7el9PXFNehVexDfonsQKLMEfznLOec4EEu9GBOZnMdoL+WiR5G9gwtisX4wx8bm:R007LGEu9bMdoL+JYCwtiyxOps6zmPv/
Score

1^/10
behavioral26
- Target
  
  Lang/croatian.lng
- Size
  
  61KB
- MD5
  
  b94e0fe2974e41da7639cb9691fc8c96
- SHA1
  
  28f490c0582088bb4790fd3c1430fc37662c6ed1
- SHA256
  
  b20d52aeaf8a51049ac2e9bfcdf5047b37e17acefc1b98ab982e9cabf7d2b8e7
- SHA512
  
  54df0156aa833eb661b8083e6415d9cee7928521d13329174680de34af263d87e8fc7291533acb52f1f23372681c2f6adda6b56f4bff97ade20fec807434ae37
- SSDEEP
  
  768:/4dktpSXv0XHgodUCNjRuT0Jwo4kus4klZv+61Ut5ebRqFtsQ9e6jXRxsQ8ZCv5:/4etpFPdUn0Jf+61pGJ9jHsQ8ZCv5
Score

3^/10
behavioral27
- Target
  
  Lang/danish.lng
- Size
  
  57KB
- MD5
  
  16f6aa7bd28bede15f749c173ba26649
- SHA1
  
  a6a6773d1f97439890cbe73fb332e12e250d121f
- SHA256
  
  1b3ab2dd6dafb98f01855432efbe46da0b6043fa036b9de127b0f997281bd469
- SHA512
  
  e6046bd3191e75a41b46fac85e4e3decec76ce68d524ecbe879887b01dfc21c9ce7ec3d58579bf16ebc693d780bb8b075b3bd136a568f7662e984b91e0f473e2
- SSDEEP
  
  1536:c7Ix/zIOAyM8ivS4cu/4iRbZUBvems7PuKdUJy+CRCh5Db9plWnwdIwom/V+BaS4:c7Ix/zIOAyM8ivS4cu/4iRbZUBvems7W
Score

3^/10
behavioral28
- Target
  
  Lang/kazakh.lng
- Size
  
  58KB
- MD5
  
  6e690ee505ec2a4b8803e24ceba5ca43
- SHA1
  
  8d459424203ee2facbc8cb71208366a0b8a78157
- SHA256
  
  c651d03de96e44f2cd616ebbbfe67b9b0c4f5561318e1be87e424a61cd8a585a
- SHA512
  
  6c356e61cb916ed74f74578a2dcf615b96e7eaaf8b7ea9bedafea304d9111eaaa00b30e7fcbbc389f1508d5df6b8ab812badf46af94ee4976238049137e44983
- SSDEEP
  
  384:1x6/qFAv3U4A7sOVAKZbvrLNyj9U6AHwK+NsG9WCCYCAN9AmChcfjAW2Aypjk8Ms:eZSw2AbUjkS7L6wBo0
Score

3^/10
behavioral29
- Target
  
  devcon.exe
- Size
  
  69KB
- MD5
  
  9d199564b65a91a531b23844649459e9
- SHA1
  
  8d84359ced1c51d14e70cb5ed36a6083c8b914cf
- SHA256
  
  8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42
- SHA512
  
  ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1
- SSDEEP
  
  768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW
Score

1^/10
behavioral30
- Target
  
  piso.exe
- Size
  
  21KB
- MD5
  
  99c1672e8ed7c85474917ebbc6903f3a
- SHA1
  
  5b7a4c43a169d2ee4ebc65a716cce846e26e8e1a
- SHA256
  
  1f6ee5802f6cc16c5ce12661155201350b7c53587ddbf61c429d05abebb69a2a
- SHA512
  
  8bac273ea6a811f8f7afdb2ba36aa5df1797aaa2c1e8a2569b810179fef81583d33bd626f9a3572ff3dd2e9b8be67d412a435cfc5b0fc244069f0922061f1ca6
- SSDEEP
  
  384:FXhgKsW4zL6KZjthU53XnCm/Zn6KZjthUBopnCm/2Q:NWK2zGmjtu5nCKAmjtuBsCKD
Score

1^/10
behavioral31
- Target
  
  setup64.exe
- Size
  
  20KB
- MD5
  
  fdaf68ac10888345fc0dfedd070dbd07
- SHA1
  
  160e72adf208e42511274e7dd786975cfce4d4d2
- SHA256
  
  e69945c414a228f6299a30946401bbbb900d0b8a814e2ce8c5c44c12f130eb75
- SHA512
  
  943ae7c986ec48d24ebf9c83a3821ecfb36aa7bca0c010c7b53030c0ee30980c848177b5ec33fb2317f71dececa3bee5adf53393fb6f30f8f9b7d475965038a5
- SSDEEP
  
  384:yTwBHiBYcYV796KZjthUFYnCm/x86KZjthUDnCm/Gu:CoHiBYcYB0mjtu+CKFmjtubCKv
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect ZGRat V1

Drops file in Drivers directory

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Registers COM server for autorun

Adds Run key to start application

Checks for any installed AV software in registry

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32