zgrat | be9880ef9ccc6b51f6e22e21884bf7092da435c96a072bd9e9515eb88b7c6bd5 | Triage

Submit
Reports

Overview

overview

Static

static

1

ec3e0e37a0...48.exe

windows7-x64

ec3e0e37a0...48.exe

windows10-2004-x64

4

Sharing

General

Target

ec3e0e37a0706e727186ef4a1d338b48.exe
Size

474KB
Sample

240428-r9v5gaae51
MD5

ec3e0e37a0706e727186ef4a1d338b48
SHA1

549d90919104da57c9ed2e6cbc3d4a654b32162b
SHA256

be9880ef9ccc6b51f6e22e21884bf7092da435c96a072bd9e9515eb88b7c6bd5
SHA512

6010946af214b0015b899f1fb1086a66a0e5d0851a35256f3294ea92e3557912cd129569220c69a4f593db37ad9027c3c7c297f904965ea9cc2e8af61a7a0862
SSDEEP

6144:hxxxVzbfkDOMpkMQ2S/YUa/fdchxRhu9X:hxxYtB8//acRuX

Score

10^/10

zgrat rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ec3e0e37a0706e727186ef4a1d338b48.exe

Resource

win7-20240221-en

zgrat rat spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ec3e0e37a0706e727186ef4a1d338b48.exe

Resource

win10v2004-20240419-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  ec3e0e37a0706e727186ef4a1d338b48.exe
- Size
  
  474KB
- MD5
  
  ec3e0e37a0706e727186ef4a1d338b48
- SHA1
  
  549d90919104da57c9ed2e6cbc3d4a654b32162b
- SHA256
  
  be9880ef9ccc6b51f6e22e21884bf7092da435c96a072bd9e9515eb88b7c6bd5
- SHA512
  
  6010946af214b0015b899f1fb1086a66a0e5d0851a35256f3294ea92e3557912cd129569220c69a4f593db37ad9027c3c7c297f904965ea9cc2e8af61a7a0862
- SSDEEP
  
  6144:hxxxVzbfkDOMpkMQ2S/YUa/fdchxRhu9X:hxxYtB8//acRuX
Score

10^/10

zgrat rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratratspywarestealer

behavioral2

© 2018-2024

Terms | Privacy