General
-
Target
https://download2390.mediafire.com/xy5pg80lxpbgn8juzZXDbkKW_5cnGfqxWed6BC6ecvFA_PYHducabo7fQF79O7hrQt2fhI0du99ShXiCBO41u0ZDHHmMOXTdZafyzj5j9BFfMYTuDfNzI9WbOB_aVLtApTriWHY6Fr0afxsiF2MCVBU_7HM8Ud3TOigdZGnPlXQ/oeohez6yhml1et6/CEL3RY+BY+GODDY+V3.2.1.zip
-
Sample
240505-s2vpeahb38
Score
10/10
Malware Config
Targets
-
-
Target
https://download2390.mediafire.com/xy5pg80lxpbgn8juzZXDbkKW_5cnGfqxWed6BC6ecvFA_PYHducabo7fQF79O7hrQt2fhI0du99ShXiCBO41u0ZDHHmMOXTdZafyzj5j9BFfMYTuDfNzI9WbOB_aVLtApTriWHY6Fr0afxsiF2MCVBU_7HM8Ud3TOigdZGnPlXQ/oeohez6yhml1et6/CEL3RY+BY+GODDY+V3.2.1.zip
Score10/10-
Detect ZGRat V1
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-