General

  • Target

    b5eb5ee2bef8da033390276999fa669b.exe

  • Size

    93KB

  • Sample

    240504-kkwalsgh3w

  • MD5

    b5eb5ee2bef8da033390276999fa669b

  • SHA1

    84f53da6eeeb85308069512efe766b80706b7143

  • SHA256

    9387f4d0d04d48e9bdb9cbcb6edd9b2567fc50b0b5752c05b507c6953b33c742

  • SHA512

    4c8b808d857c8b8fc3efafa1bb317c977d30898e283791a1acd6d0014543d30568d1f1ce74aca3d9398216e80efa0aeb9da5a247176bb945368a2461728ec00f

  • SSDEEP

    1536:G8gjDQ97sYos0GiY+ocn+/JqJTVaaI9m+6p7Hxh:/SDQ97so0GiY3/JKM8+6pT

Malware Config

Targets

    • Target

      b5eb5ee2bef8da033390276999fa669b.exe

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks