zgrat | 33e0b1b407c8fc63c718216d34026c60f43dfe76bb04c380a63a585e7f92b228 | Triage

Submit
Reports

Overview

overview

Static

static

9

Celery/Celery V1.exe

windows10-2004-x64

Celery/Celery V1.exe

windows11-21h2-x64

Sharing

General

Target

Celery.zip
Size

12.1MB
Sample

240430-qtg28shg33
MD5

0eb92b71b07f0f5335bb7cac791dfbfa
SHA1

952f119649d2dcb1d21b9d5b93a0ec83a643fb0b
SHA256

33e0b1b407c8fc63c718216d34026c60f43dfe76bb04c380a63a585e7f92b228
SHA512

674768880af0b2a34a135cbab0f6c978d91e72f66e7c121dcc18a28fdb055e6e35aec4ef809854a702eac3aa5f53eb7cd80342dab26f92c82303877b6d58ef4f
SSDEEP

196608:nKaXzl19iVODuIpsIajbLlNEkLXOCfcwWNx1q1A3Y2EtrxZNbONaDCWNW+Lmu:KU9iVODuBIa/LlyELIW/bO7wLv

Score

10^/10

zgrat cryptone discovery packer rat spyware stealer

Static task

static1

cryptone packer

2 signatures

Behavioral task

behavioral1

Sample

Celery/Celery V1.exe

Resource

win10v2004-20240426-en

zgrat discovery rat spyware stealer

windows10-2004-x64

16 signatures

120 seconds

Behavioral task

behavioral2

Sample

Celery/Celery V1.exe

Resource

win11-20240419-en

zgrat discovery rat spyware stealer

windows11-21h2-x64

15 signatures

120 seconds

Malware Config

Targets

- Target
  
  Celery/Celery V1.exe
- Size
  
  800.0MB
- MD5
  
  abdf485a5bc69f25b1874b5820cdc932
- SHA1
  
  62a9f22f5dd232f9b75c8ca4fce4983c8c800aab
- SHA256
  
  0748a1c46b6ff4d406b95cd07895e9cdc7721d2fb24d62ec10c4273258901765
- SHA512
  
  066db062f466f0b593ccf539a4ccdb76b7202374e460d9bedad46c421d6aa3b83acba3dbfeef08682768de153f0d377d6478cc4bb16c989ee512fb58a0cddf28
- SSDEEP
  
  24576:NXtOM33QyjO1IjZSKKBOJJK9UhKoZmM/geEpK7Twuj7zFQ76i:BpLjrjZZrKxoZjaw7T9j7q
Score

10^/10

zgrat discovery rat spyware stealer
- Detect ZGRat V1
- Suspicious use of NtCreateUserProcessOtherParentProcess
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

zgratdiscoveryratspywarestealer

behavioral2

zgratdiscoveryratspywarestealer

© 2018-2024

Terms | Privacy