General

  • Target

    50ee68942ea8bb92caec46f64d21c425.exe

  • Size

    36KB

  • Sample

    240504-ldly2ahh7w

  • MD5

    50ee68942ea8bb92caec46f64d21c425

  • SHA1

    6bf4dd3cf4c58a212473c819148ec2bd4710bae7

  • SHA256

    46881e86cabd9d39cb7b57e9a85f2007c1c8fece41e3b5edd74c12f38c4acba9

  • SHA512

    48967574b9577c81470ebe520ddd2beff40e4b2847e5e89a1eacb12d653fe1452826f18e40a6ec6328782827f0f9ba6f1eb23d295628632f2fee8c74c6c5c228

  • SSDEEP

    384:Gd1IDSKDQbkoKDVbJdpGKDGPGAWoNyb8E9VF6IYinAM+oP9YkB/5OtMh:WQ39EPGHAEpYinAMxhBTh

Malware Config

Targets

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks