zgrat

Sharing

Copy URL

Twitter E-mail

General

Target

BlueStacks-Support.7z
Size

84KB
Sample

240506-pr6gdaeh97
MD5

bdb0ea71c8721bd08a1b040aeeca3f06
SHA1

29dc997e32e4621dc696bdb33a7d394123544b67
SHA256

fd9559db98211fc18f2e26ccf53ccc8c89086c61a1522d3c5bb8a3aa8f3d080f
SHA512

35454aa36f7bd9c1496e48839d1ecd28d7f65848886995f6fc0fae88998f0e6fd2c8536407a90100a5306b043d2899995b9f089ef66f3cddb6f4ce78c1848a5d
SSDEEP

1536:eoYK6SMYO84CH7RBKrtxVI6uVNT6hjRSI4LYxRBVchispgMo:TYK61g7YTruVl6hjMYdSMAgMo

Score

10^/10

Malware Config

Targets

- Target
  
  BlueStacks-Support.7z
- Size
  
  84KB
- MD5
  
  bdb0ea71c8721bd08a1b040aeeca3f06
- SHA1
  
  29dc997e32e4621dc696bdb33a7d394123544b67
- SHA256
  
  fd9559db98211fc18f2e26ccf53ccc8c89086c61a1522d3c5bb8a3aa8f3d080f
- SHA512
  
  35454aa36f7bd9c1496e48839d1ecd28d7f65848886995f6fc0fae88998f0e6fd2c8536407a90100a5306b043d2899995b9f089ef66f3cddb6f4ce78c1848a5d
- SSDEEP
  
  1536:eoYK6SMYO84CH7RBKrtxVI6uVNT6hjRSI4LYxRBVchispgMo:TYK61g7YTruVl6hjMYdSMAgMo
Score

10^/10

zgrat discovery execution persistence rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  Android-DumpState.log
- Size
  
  42B
- MD5
  
  7e99469fc515349bed79ac0b3c32550f
- SHA1
  
  b4b13f816bfe79eaebf5b2257614743eec80523c
- SHA256
  
  ff72ec0c8074c1a81d4f9b384298728776149a4a30db5ce943c7625c24f2ea1c
- SHA512
  
  5d5b42297e369836daf73ffa34b4f74a0f3873c795dddfe67101051778d4ae3420d2899fc1d14666752e60ce1910989f80610765ab9a1f487dcd171ad0f6848a
Score

3^/10
behavioral2
- Target
  
  Android/Android.bstk
- Size
  
  5KB
- MD5
  
  baa42bc1816a1f0050117c3520824942
- SHA1
  
  68b2abaa11e7df9d08c0d008c89e7a2cf663d615
- SHA256
  
  08a7a4e520890ba11d6d8676629e3148eafc63fc1bc3681d9ccb6d8664c2b083
- SHA512
  
  65994962e67c623f73f43513316e60e6cf2e306bf3857b9a1f116ab0b58308d8b5218ff6ef72342b61a569f52f112fba42df93c935f7524ff5bf3fe18b49d210
- SSDEEP
  
  96:e2LNfzrBCGzCcECgCsEC3ECfCBECGEC7kCmEC2ECUC2ECyEC9CyECpECBECyCDE5:e2BfMzGt2Za3MFsc5cIYIP33lpyQB6hV
Score

1^/10
behavioral3
- Target
  
  Android/Android.bstk-prev
- Size
  
  7KB
- MD5
  
  046b1bcca96f4ec71daeb5bd20f72270
- SHA1
  
  6a735a5ae29f20cabe52411d2607e1499765febe
- SHA256
  
  7f0d95fa70a63e98c2a64a25129739768a461e3c981fa17f2e1aea8370832f2e
- SHA512
  
  6678607328b433c64baadb3183184de854aa3076aa2a1781b12f316334d4d255bbea00f6315ebea61ac99ae802d2f2e9ec9ac7f0880d373addf7dd7a15a9febe
- SSDEEP
  
  3::
Score

3^/10
behavioral4
- Target
  
  Android/Logs/BstkCore.log
- Size
  
  3KB
- MD5
  
  eb34e05b36c0bca258bb45ea98b4f028
- SHA1
  
  7cb742d06fd2a78f33a86cb6240239205063af9b
- SHA256
  
  2ff26bebfce99e8fd281e7083bbe7684b6d05692c006b4226df3914dcb334bb2
- SHA512
  
  65b768c90ef256e57da520831c06a8a010ffac14fd3f4483e49db75e3b4b0393b0d4987ffe1b6b3099356725da8ccf392b81595bee2441c2c0bdcc2e4a492ec2
Score

3^/10
behavioral5
- Target
  
  DataDirListing.txt
- Size
  
  135KB
- MD5
  
  5762f88504802efdc44d90e17536b1c2
- SHA1
  
  3c03ab3624bdc836967952324e5c3348bf2e36d3
- SHA256
  
  c1c1f6a0e99ebded2be1ca4aaa5c0cdc052dc8007944bc0310d2dc85f4e1b1bc
- SHA512
  
  e2bef2980c6cf3356264285ef07ee0728f62b17eec8d3c8c3b1cee2d48262e18ad537cf1c56fb6ab70c3340947200e8391a243f0dbe3dae4520796c989bac2ff
- SSDEEP
  
  1536:9v0gikq6FyRWLYDupJ7TCscD5w8/Qd8d75NC9egHDGWJ8BEN:t0kqcy8LmupJ6sKQmd2USJ88
Score

3^/10
behavioral6
- Target
  
  FreeDiskSpace.txt
- Size
  
  243B
- MD5
  
  7d5460dfb4ab7c78f843fef946ac8768
- SHA1
  
  357cd1be980618740cc036589e1f06518993ec64
- SHA256
  
  dca1fe27944dd49a042d5424d0e095598159cd94f0bf91ce4a078ab68099db7f
- SHA512
  
  7a49a292de91b4e1551a4d9706287f3b2f89408d9c2a0ff61cef2706c908b9b78bcc00d223270062b8d4997db67612398ffc1070fdd31bed3df6f9174ff22828
Score

3^/10
behavioral7
- Target
  
  Host-ipconfig.txt
- Size
  
  2KB
- MD5
  
  afdbf9b02821742eac1c88ae124300a8
- SHA1
  
  c0e64fc72615fb2e44eda16f6400ea3aa37ea940
- SHA256
  
  6afa5e7b4145afea9d3d54e4a26a20e2f8a1489fca6031a3145c708d48d2c624
- SHA512
  
  77c679bce2d4d7d12da52e1eea82bc59b210e49f438eb5b89b163b945f5115baffd9c2b12e57e3f015700a6d8c34620b0f53547b402ab865d046eb9c1b5c4196
Score

3^/10
behavioral8
- Target
  
  Host-netstat.txt
- Size
  
  28KB
- MD5
  
  3ad8f33761058b1ae18e2f4a36d79170
- SHA1
  
  639f8983bfddb62eddcbcc6c3674959bdc5fcbec
- SHA256
  
  35459590eed04a3e1283ca6f2e983e0d53f82f783a073c2a23857dd76bb5f8b3
- SHA512
  
  0e14ad8503e08a3b4ce4976dadc4f2dac7c14be554972ba512e509cc5a4286d138e5ef86b00066629c3765663158c94137603a1c9c1ac7a66de908378a7a7015
- SSDEEP
  
  384:2ln/fsKBlLz1mTuKkKMK81dLSCzYo7ZCBsq:c3soW
Score

3^/10
behavioral9
- Target
  
  Host-netstatistics.txt
- Size
  
  958B
- MD5
  
  d546b1ff53fd12966901cdac26c10410
- SHA1
  
  24beeea6fcb1cdbd5d6a11e60e5f5f0fdac4548d
- SHA256
  
  1bf356add798353bcd335eb82d1afaf9cc728b527b543f9c96f75508d5ac5428
- SHA512
  
  7bb63b64b0703b9e230d51910e1de1a5b2b101b9ce2028ff7161c0327ca2338bfd9e03c7bf0507847cfc2b12506e13af3d83c9ccc670aeddb76e158f3c731139
Score

3^/10
behavioral10
- Target
  
  Host-nslookup.txt
- Size
  
  165B
- MD5
  
  f07aa92d2c13ca62805ec9825fac08bb
- SHA1
  
  6a96a716bd9e9b424491f38de849f2cd06b6c90e
- SHA256
  
  972ebd0a862a4c9219c8c84c9bfe9ff2ee81c3ddb61f77aa230b7732d07e78e1
- SHA512
  
  874dcd74a6922c98b210b736212230b86904d801fd78aa7eb8efd9be6105065c759a9bf027fdf4c8c09c3e6685c4a280d06da7c3efb22f9403bca98229c55021
Score

3^/10
behavioral11
- Target
  
  InstallDirListing.txt
- Size
  
  9KB
- MD5
  
  1bf336c48acd4d46b33efd8bc0f55975
- SHA1
  
  4d4427957de76bded94b1831eed31a6df9cd844a
- SHA256
  
  bd3a89cc88b7bdf57356c75f87b92d85a36547200289611b4cebcae23f985f3f
- SHA512
  
  529d7cd1943821e681398c05a1432dc988922f2b498a086c702b3bdc3676a5254191fef6d772ac2a410227518f59311c30e7765b7837e3c6362715c659d828ac
- SSDEEP
  
  96:UuT+iu9yx2bVAkVKlx8YrkAe5sbBLoH8i+S3Aoqj3opG1mSnLh6Q1US57aiMcHH:Wiu942bVw4nnGJLU+7aiM2H
Score

3^/10
behavioral12
- Target
  
  InstalledPrograms.txt
- Size
  
  5KB
- MD5
  
  9b45cfd47f0f9b6ad4b730ee100af03a
- SHA1
  
  2ad81ae6ec733dd912de6cd714ce66a08d593685
- SHA256
  
  2f088b1d64dac7d60a7134997d357dbf174034b12cc53dd9018041151dfdd836
- SHA512
  
  3411871f9b6d2c0b4e1c64c128bdd684d171c8c6ac5bd1eb5216f2dcf1aca85b4bf9971a342f3a198dead7b58eafa117465b68062ffa7508d215578ae03df0ad
- SSDEEP
  
  96:6AAItr48VKtUU6lL7bcBQQq5QUDatT0Mk+OFEdVc5QYDD9NcdA27h9iAZONIDp45:H71sCcFGJqYQc
Score

3^/10
behavioral13
- Target
  
  Installer Logs/BlueStacksMicroInstaller_4.280.1.1002.log
- Size
  
  3KB
- MD5
  
  e428c12d8a408bee2e9f6cfcf3c153b1
- SHA1
  
  0165bd0e5cfd8d5b49b1e6e72a02ffde597df75d
- SHA256
  
  dcd27dedbafcee866b5387bc61c18d020ea3de7264ae4254b55e2fc576a20660
- SHA512
  
  ae86f0c93b94790afc042b15de9383b9efab2c418315f574aaad793841d690fda6821a1f53f12915e92d39b3d388c822a986f47c41c27349539fb06e9fc1f345
Score

3^/10
behavioral14
- Target
  
  Installer Logs/BlueStacksMicroInstaller_5.12.102.1001.log
- Size
  
  12KB
- MD5
  
  db090b14fbd272ca65f5919c003f0957
- SHA1
  
  5fd5cc7b0bb33d6f0eb94e7131a109a21cb9dbc7
- SHA256
  
  4f2bbe2fc7b29eb69e7ebb5835bd8304ecee1aba7c5f8917b1d5dbaf7f233071
- SHA512
  
  23b983ea78c571334cac221ff6c41a5c66d4b142bbc1eb2be2feefb39d42ec07d84d455a2bf1de5d9b4da2e1845ac90499de62f06b593667934968b25d6d7612
- SSDEEP
  
  192:yMMMqG8QqGuLzaAXaZJxoIZXcZUs9G59S456m9Pmrk2x7/oTd/8SZN:3IWS456trkUoT1ZN
Score

3^/10
behavioral15
- Target
  
  Installer Logs/BlueStacksMicroInstaller_5.12.3.1001.log
- Size
  
  12KB
- MD5
  
  3e143aafc639050697b6a3387938463c
- SHA1
  
  c10892fed56580afbd84e30ec850ec1d7c4f0f31
- SHA256
  
  43c7e04e25942245cf4c702dd69f93385ba168edc202e433d11fb8d7ebd84c8c
- SHA512
  
  1d01c8ae94dd23bb7102ed7527ccb82993a29b17db8aff5bfa54a9da4d2254f20c6de7e171310f2d0818a6207f4f74a2e549fa3368d44a694e5bf0a447103e60
- SSDEEP
  
  192:Mf+6B5h0+ZyR/AS2+lQJRFGf2GJ6n16o28:M4+ZsQJQ2G8nN28
Score

3^/10
behavioral16
- Target
  
  Installer Logs/Logs.log
- Size
  
  686B
- MD5
  
  fffdeb043debf6c9a671efdbeedeb8b7
- SHA1
  
  9a44d77213e22bab932caa2475d943157232b43f
- SHA256
  
  b80ecbd239e3762b74cc6bedd641cb3a0e34c979f2d33a09e79899cef2a0b957
- SHA512
  
  cddb1cb61081cf10ca534ea2a20987bf788633756e7c5a5931b9581688f9eb139cd4862d5827d69ae22a77b2c615d26968bd4ac5926df1b449a16b0b020108b5
Score

3^/10
behavioral17
- Target
  
  LogCollector.log
- Size
  
  9KB
- MD5
  
  e97ea30c41dd1b0940dc9e959e9eccbb
- SHA1
  
  d3dde296bb44a6ddc667c28193bdce552a8c4ec1
- SHA256
  
  33168e760bce365edacaa94676b75f4d446c47c14a5f54f29b7fb6b363a34be5
- SHA512
  
  b6a5d5de4a57ed436043a5397dd7adf01583cc3f81810b737318aa1fd7524e811ddc0478730cb2392c5f526629fc901913460aacfe2f92cf3c9bc7e265333c2d
- SSDEEP
  
  96:GPoMBTy/wKryDMhjCOysErWaHiFbNY3q91xoleeApqXhQDX:qjDMki0WaHiFbNaqN4A
Score

3^/10
behavioral18
- Target
  
  Logs/.log
- Size
  
  106B
- MD5
  
  8f527c69abcff235595b6cc86db35ddb
- SHA1
  
  e448d75c5ef19fe7acb3bbb63f2c3a9e87aff07f
- SHA256
  
  3f69756603cb27164db44f742057e2ff9563d7514b769e26be17798e200054e3
- SHA512
  
  c13a09f2ebecd990e48fd5deafc4155c05f083f548c5ed000afb2c4914fd9e3047bd61ad640df77dd6b7d746834b935b1bf7cf76167407e143e64cbc8407623f
Score

3^/10
behavioral19
- Target
  
  Logs/BlueStacksUI.log
- Size
  
  69KB
- MD5
  
  eed0f9ae912aa42b8b019d61d69b0ab2
- SHA1
  
  0aba6c02b5717be1b0422a0d1a343dd9e198003d
- SHA256
  
  9774b50cfa3ce6b01748ff509ace006c07d1c0d6f61e74c77f7a1e831430f742
- SHA512
  
  ecee79f9e7bd63f1f5f4f5c2d215829b84db6978d2d529d0f1436facb1ce3431f17ab1020363f37c33b2e58f479e6dc5bc8cbcac309e5a11166d75bdb22140ca
- SSDEEP
  
  384:fAgKDqYb1dJJ697bXIh8c3oDSvQkoQgMlsX5OdDb7cm3BnPOvOf0oVy+STJJz+rG:Gnt+oWf
Score

3^/10
behavioral20
- Target
  
  Logs/BlueStacksUsers.log
- Size
  
  18KB
- MD5
  
  09d0f5e2969e007040223442198f4009
- SHA1
  
  07c078ee7d3c2774280b2b1d54bdff05f4a64a8e
- SHA256
  
  078fcef5fb0477dca2168ceeb4ad8e721c6ea8c06c058632877a7f741ee62fd9
- SHA512
  
  c95ef38d7ea378ed3e8add57297631849cb5dbe6ad21ef7ace9a1052fb62b7860faabbb0a29af9f3cbd892a4c1958db91170791ba7ce2cb589f47eb9b43ae080
- SSDEEP
  
  192:QtLkHef4sNymdrUWgBfmJxFFrUog9DbFrU2DmAGoghv4spg7Rp:QiHRs9VUWgZmbFtUbD5UrAGoqv4CWRp
Score

3^/10
behavioral21
- Target
  
  Logs/Player.log
- Size
  
  202KB
- MD5
  
  8d01615f5e639cc37eb33c7fcf915d29
- SHA1
  
  90fda25e37b12470f7b2d52610da698ce1347d70
- SHA256
  
  c742fb94bd0e3052432fd5734f1711edb90ffb6b7162d198539a0cb2e0dd12a3
- SHA512
  
  a478effae60a0513303481582dea82e48bb59ce31b9558e900ddc2fffa55542059f37724aa21cc0a54afaaf95f9ed877d256e36d3682afaafb1120c19e618582
- SSDEEP
  
  1536:OiKaj1fIMBeOwL0tOMRF7YttpK92R9gJx:Zj1IGwQtr7et1RyJx
Score

3^/10
behavioral22
- Target
  
  Manager/BstkGlobal.xml
- Size
  
  748B
- MD5
  
  9adddd55865dc2c75e2e191c84de5979
- SHA1
  
  7fb656d7b9232cf85eb19832b233a572ff94dbb1
- SHA256
  
  13a74e7dc8897b6489f66b39e0e4505a4e46a943f3635b5b0c68bbe571b682cf
- SHA512
  
  34ceb50c1e184f26f738426e7a126e6c4cf574e6d2349e4c02ca966a4971a27c710aaf4483b5af090303daf00d56aa5aee0a80cab7fb61c4090775e5e0bfe783
Score

1^/10
behavioral23
- Target
  
  Manager/BstkGlobal.xml.in
- Size
  
  735B
- MD5
  
  7228da7250d357ec26e8755a0bdbd652
- SHA1
  
  5dc58d42ae4ab18bf1f9ca68eaa69110c15cf626
- SHA256
  
  afb523c0c62b7ad8737517d1af92717cf9cc7fb6533bd7d03378fce7b5b24e89
- SHA512
  
  33e53bd7a680972daf6d2292d221faecc1e138d31342da1675c7d20995ab8217dda9dc7cdda1aca9e8e0ece89cf40170733cf5642c6a4e8417b02792ff3b13f6
Score

3^/10
behavioral24
- Target
  
  Manager/BstkServer.log
- Size
  
  1KB
- MD5
  
  ead12f067832433214645c7e986288b1
- SHA1
  
  cf502f47aaf6a7e623beb45f85d0323eb67127fa
- SHA256
  
  ddf9c175615205c0ac6d629206aa4ec89af441e806c23ca64414a88fcd706082
- SHA512
  
  8d00bfd12abe856244f35a6d3fcdbdf8035aacb1f8db9e7cbe63dd119ee09bb59a15b8c045726ff2009b6e419efa804a6d9353d6cd1a69461c8903eedc427c62
Score

3^/10
behavioral25
- Target
  
  Manager/BstkServer.log.1
- Size
  
  1KB
- MD5
  
  53439b4c192679080fbf0af28d449e2c
- SHA1
  
  1da901902c4df7164030d0d40e3b4c5d53d6cb4c
- SHA256
  
  6dbdee6f6671fb36f544a08f2dc0217a63f2807da8652a7d7eaab87953dd8e64
- SHA512
  
  efd4676e554d233f2c93d4587fe13f8c93c72715e0fb42bbbe51508f19bcb7b7861eac0683618dcc89f63dc4c0f5511a57eae8b1ae8d9dcf6c39d711407cc9e0
Score

3^/10
behavioral26
- Target
  
  Manager/BstkServer.log.2
- Size
  
  1KB
- MD5
  
  ccae69d5b72d3ba308651dee4fcccffa
- SHA1
  
  8cf535680150d4006d999e9dce3abccad02b88f6
- SHA256
  
  26602982ed2ca55c3864637da10b83913b08eb7a6bf967da6cd1b83a0b765cfc
- SHA512
  
  3be05edcf780372e7ba77296a3d68a1f4ca261fab2a65b6490e85f3de9edef3fae704616c3c1e9bcbfbcd5de1f8dc251d46dd02238b2d901efe31ec59a3cbb25
Score

3^/10
behavioral27
- Target
  
  Manager/BstkServer.log.3
- Size
  
  1KB
- MD5
  
  8e8daebde3d2f5087f45151bba64c8f1
- SHA1
  
  2aef68b7fa4447db73843533cd18349d0fa4ec4e
- SHA256
  
  8561e1fcedb8ae56165ad2284eb2e87b78b1a8e34dd6a72337d1557dc3b8ebbb
- SHA512
  
  21bf3f6ea16d9db3f2a54e674c58c4e8a5da091b6e04a1d294ba3c77bd22d1350ae209eb04074359ba0fa7c8918a39b11d3f00df5133e2a0bd1384770c7b0f39
Score

3^/10
behavioral28
- Target
  
  Oem.cfg
- Size
  
  816B
- MD5
  
  e28c53401ec95bc9b75f43ae0dcddf96
- SHA1
  
  cf11b03a25c5ce082f24f8832beca3994a501720
- SHA256
  
  8d5d794dcc24bf8535fded17a82b8dad7396c327fae176387b5f43a4db1d5988
- SHA512
  
  cd314ab721e57411ffcfdf0bf3678818a8590694a1be55e6dd7d0b5f6ec19908c7a034dc82f9a802d3e44a12af34ef8f8cbae68cc8b293d95a588bb92be7df31
Score

3^/10
behavioral29
- Target
  
  RegBstkDrv.txt
- Size
  
  1KB
- MD5
  
  cb2fe93e5383e928d3cf0d3a1c747b5e
- SHA1
  
  b46c880f5d2ec189ff620920e13452a706c4ba3d
- SHA256
  
  d10152a315f569a2e69150beefa70f0f64e0eb9e3c9c5dfd2123424dd10e9f7b
- SHA512
  
  85fbcdc1dc016f3fd75e468d79f70d254b8f29b4433fcab0f66762d22d8f13c5b1b3ec19918cf090849dcd33d11d34ea9594c2170f74726530adeb978c1a394f
Score

3^/10
behavioral30
- Target
  
  RegHKLM.txt
- Size
  
  28KB
- MD5
  
  423dd5dc111d23d632c047fcef1223b6
- SHA1
  
  df11fdc6a66e59e89ecb235eafca5442a701f91f
- SHA256
  
  1f6ecead407b2d1594ac054a3e64cdf745a68af3e1e8787a853ac6f2e91d545a
- SHA512
  
  23bd615a92e29843153cbc9372dacf3f603a1696571e230049748dab8a669374852e743cb457564993130b7344c53f56ccdc26e47f6438359c99523ac93b39cb
- SSDEEP
  
  768:2fC2kpuC7ukRYH3eFw37AvMjb+Q0H5SIHaJ6o:2fl1k+
Score

3^/10
behavioral31
- Target
  
  Startup.txt
- Size
  
  3KB
- MD5
  
  c9f63ad875434c645b6854951136cd10
- SHA1
  
  75108bc7e836d34c1ce06b3be9cdb17499e4a7e0
- SHA256
  
  779b156d4a1eef8f61851fb69b445c96ca80b9cf33295768f305a0e1295913d4
- SHA512
  
  a76cd0afc6d29646cac8f2717a8828c2c756761be47972e2fac8463f13dd7cad35ecf609942d97a6fea633deb1ff260cb38ee76d393d9cbc9d0f3ac9161043e5
Score

3^/10
behavioral32