General

  • Target

    200bba2e0541aa944dac193a8fc5457a4a914f3dab0c995df15ad8718cb2db0f

  • Size

    426KB

  • Sample

    240422-3rr6mshg68

  • MD5

    b77425295d31a3b4eb879d171ec20712

  • SHA1

    d8f5a4bb4c1a74c4e53ca0d159977e545041fe48

  • SHA256

    200bba2e0541aa944dac193a8fc5457a4a914f3dab0c995df15ad8718cb2db0f

  • SHA512

    013d5ba7ceed098834b07f8fad14add507e4b6bacf988a721dbab5f6c4b664be7211fbde350da9c6c83b2002dcd3572b51a634e6c104d1831fa7a795a9912246

  • SSDEEP

    6144:noJn25SYjZ+SbVduVe3BJ33kXkLRrKFfVASAt25lKgH/fI:oJ25vZpbVdnBJ33YkifV8/gH/fI

Score
10/10

Targets

    • Target

      200bba2e0541aa944dac193a8fc5457a4a914f3dab0c995df15ad8718cb2db0f

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
