zgrat | 8a464dc6c1c036ff976af16c85f712538e324c307ccacb0d3fb219f2c5663a47 | Triage

Sharing

General

Target

GTA 6 Builder-Install.rar
Size

15.0MB
Sample

240428-qtebcahc5w
MD5

9de6427096abb3204c53588d686df646
SHA1

42c3c886b08442120029fad062f17c51268acce3
SHA256

8a464dc6c1c036ff976af16c85f712538e324c307ccacb0d3fb219f2c5663a47
SHA512

71d1b04e98785f2401554576843971f6f066a3b4e16530564b320a3116ae6313bf03e6cea11494bab1f1948785b9bc0d15153654adf34653805b92aeabdd097e
SSDEEP

393216:Dk/RHUs83ZN+vGvioMVya05383WLKfcCfJDc:4R033ZlioMgjdNmECBc

Score

10^/10

zgrat rat spyware stealer

Malware Config

Targets

- Target
  
  GTA 6 Builder-Install.rar
- Size
  
  15.0MB
- MD5
  
  9de6427096abb3204c53588d686df646
- SHA1
  
  42c3c886b08442120029fad062f17c51268acce3
- SHA256
  
  8a464dc6c1c036ff976af16c85f712538e324c307ccacb0d3fb219f2c5663a47
- SHA512
  
  71d1b04e98785f2401554576843971f6f066a3b4e16530564b320a3116ae6313bf03e6cea11494bab1f1948785b9bc0d15153654adf34653805b92aeabdd097e
- SSDEEP
  
  393216:Dk/RHUs83ZN+vGvioMVya05383WLKfcCfJDc:4R033ZlioMgjdNmECBc
Score

3^/10
behavioral1
- Target
  
  GTA 6 Builder-Install.exe
- Size
  
  13.1MB
- MD5
  
  95f7a7d1658b372cbcbd6cc1ef91bef9
- SHA1
  
  180182eef4ac2baaa0d773aeb59aec022a3d34cc
- SHA256
  
  841d63d65e18b16579ff539e49ea437ef27c488d52d463b0105cdd4b19d2ea37
- SHA512
  
  26bc67b7665bb2423e765249caf7ab7a0634af699335568d5b19732a149560d9b77bc586477c12bacc66cf382a1e80b9846e6fe05d9e9315e66f88e438d4c095
- SSDEEP
  
  196608:Ya4hESrp12vabgVvjce8pPZHjSOZlrMUjJi2QSdI/K2RZPvn3J+sL378BZnybgbo:Ya+HoRHe5V/rDjJfNqvZXn3J+DZyBd
Score

10^/10

zgrat rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral2
- Target
  
  NL7Data0404.dll
- Size
  
  2.2MB
- MD5
  
  81b14fd1c9d2b830e55c93c4c38afa2f
- SHA1
  
  975bef050d9e8d2ee577e1b4db5dd6e2d67bff20
- SHA256
  
  878e2dbac4b6a6bcce54742f3c7bfd87aa93a6637cccc1e5d18ab65215d81bee
- SHA512
  
  16bcd415ca4cfc8813d990a304723a87122eede56a4f2c84b8fac91ccb0d5fd9c2db413358eecf145c1faad5b74f16b516a3c5e12f977bbca0cb6f66cc73d3ec
- SSDEEP
  
  24576:WckkkkkkHxKjbNX7UtOGwu1fg5tXVD539swzYNefx+Pff5pn3DXBdVjtxv/Ui:WeKYtOGwu1fg5FtJ9nMX5bL9z
Score

1^/10
behavioral3
- Target
  
  NL7Models0804.dll
- Size
  
  2.8MB
- MD5
  
  65525c7b89204d241120b7638934a0d2
- SHA1
  
  c7b20986b1c5cb76896d0fca167e02f6cbfb1fcf
- SHA256
  
  18f7f52f14986133f9a9676d5ab959349377a53c0936cea6eb9880e72f85bc54
- SHA512
  
  0e5c920a4c2b197b890a59bd56e54a49cf7167407aa2d1381abe5e2afaa646aa8524d145616ee370a4f95e0069baccff0ff616e60f598d47d2ce817f23f47fa1
- SSDEEP
  
  49152:uoUhaa1DcUEtVYi/WixQrZ/t6BvQZAbuW8X0VbBftuIIDyzwjWV2xK+RE30Y:Shaa1IXaJybnwG2xK2Y
Score

1^/10
behavioral4
- Target
  
  NlsData004a.dll
- Size
  
  3.1MB
- MD5
  
  be007b645b9d1332e3346107727320d9
- SHA1
  
  0717c6fea33ddd04b9f032039d23c66efd5e5f76
- SHA256
  
  7b128be8d77398cbc3bb789a34e21afc984c2e87276907a01326f8fb4504e9da
- SHA512
  
  8e205aaf5ef8a1e5259634ff51b1e0da8bf35ace547e01de05a02dd0ad55ef7a46329737ba062556c195ba0ef6e3722ea144752f0aa8330c440dac38b2653f82
- SSDEEP
  
  24576:oJEJNe9wndvrpof5UUv6ujcqJByewHXqQpiPlJKaTsO0KwRB3Q/CDuCF:k9CNofaXXqQpTawO0KwRB3Q/Au
Score

1^/10
behavioral5
- Target
  
  README.txt
- Size
  
  20B
- MD5
  
  229bfb07694f123e2cb4986f47100a62
- SHA1
  
  c07256227a3878a9fcb029dfa2794b2003787cd5
- SHA256
  
  8df26b1f550c80646f01d25b8aafcabb1342bbb2be1cd335cdb8d254be8c4090
- SHA512
  
  e5d153f6a3de43124ba343fd95c01baa550ad485ae2078487e8669988fa034fccbc4420695d9006b6ce19340a9f43ede7eb6509437fb32d679beb571f2981b69
Score

1^/10
behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

zgratratspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6