General

  • Target

    eb508c21c59a7fff7924f7243e5949e8.bin

  • Size

    453KB

  • Sample

    240505-cbv99aah9z

  • MD5

    3105fd21aa5fc29f299491fdf8200698

  • SHA1

    aab20222844b8de0a8d987bfcb36ad4233fdc01e

  • SHA256

    f3ba186ce93606bdcb7367861123d485b70096e23e23a10aa58ed3632169df91

  • SHA512

    eed27dceb81f7dc2ed263632bea94f5c82d484bc26fa01a8b250e9de5174ad69c02bf68d361c68578930648c534a4ade004235e0960a99a1379321445f60c912

  • SSDEEP

    12288:/dH6gizCszjX1pqFknEpuvWixlP9Ny4+GprAZELH9lnXciqw:Va3CEjFgsEpGWiNEEJAwZcg

Malware Config

Targets

    • Target

      bc415aafd68de975f42d71ef25868a7de65ddf166a0bb03246243c6d1b0a0af1.exe

    • Size

      545KB

    • MD5

      eb508c21c59a7fff7924f7243e5949e8

    • SHA1

      8ff01f312f4c37aeb98e6a4afd61aa9dd0fec383

    • SHA256

      bc415aafd68de975f42d71ef25868a7de65ddf166a0bb03246243c6d1b0a0af1

    • SHA512

      3e5b19768160960710b3d7d198d5a8bc3d040a084ad6a47c1e7f1b03bf780df3886a0c7d8ff58c30f06afc4a136b91eb2841c895c01f0e8020f52b298a9de5e0

    • SSDEEP

      12288:/AyIUo5xsD8c/7Oyo8LR9zom3Q3WZaIVir52gPi:9IHLyogR5omUIAv

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks