General

  • Target

    a87ba1ea4d91b34a5bd332e96b2b69d1a850ce0510247429673bb72fc4f8f304.exe

  • Size

    3.5MB

  • Sample

    240503-ccdftscb9z

  • MD5

    237c473b91af5dd9556c64012ecfc391

  • SHA1

    b43db706c301f3c1acfe8f51c9364e524fd61aa5

  • SHA256

    a87ba1ea4d91b34a5bd332e96b2b69d1a850ce0510247429673bb72fc4f8f304

  • SHA512

    52d54b533e1aaa959384e470879215aaebed1de68d43c76399b618689b6a0a95e7e329cb84899062dccfbb828356ea61ad9b43f24884d4848271851e8a78fc72

  • SSDEEP

    98304:IUnOeq/u5u5fbHFWNAyEtSJDghmoWGd8Z6:IAub4N62D6JDd06

Targets

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Detects executables packed with an unregistered version of .NET Reactor

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
