zgrat | 32dff107ec9812713e012e27cd162fb2c6c2f5e6f83e42fdbd003b06b439002d | Triage

Sharing

General

Target

Elеctron exеcutor v3.rar
Size

2.0MB
Sample

240506-y736macg45
MD5

83d409e67d6acbf499581c574026f7e5
SHA1

1f72f48e1fc705f71467233ecf5581cc40684297
SHA256

32dff107ec9812713e012e27cd162fb2c6c2f5e6f83e42fdbd003b06b439002d
SHA512

f7914b3fd51f0429bf29ea3f74b37736f6925233593d2be68b6cc6f974ea36b8e8212668beee4c8067734b352b445abc01aeaa4436bdb5eda7f6fe6b86c3cc6d
SSDEEP

49152:ELYf2YnF5o3tqXys+9kQvNYFg8wyscTAlqru:0RY0tqXuG3Fulcsgru

Score

10^/10

zgrat rat spyware

Malware Config

Targets

- Target
  
  Electron.exe
- Size
  
  537KB
- MD5
  
  3a6447c99a0752f08265c3c011f78a28
- SHA1
  
  492fae50258f2a4fa33baf035ef150de5d76cac7
- SHA256
  
  f8b5714d9863b4235ee7583e0ac56a98fd78a8eae3e4e94b0f86cc3a267cc238
- SHA512
  
  b2a384a69ad2d2f503a8ef0bb2b49fd9529142368b0033263f0e08bd6429c53697687809d57300b634ad93ae261ab52c7150e542ca91c1c313e624c6d9c9ea20
- SSDEEP
  
  12288:Cy/gezsE7GjGjLcL5UVcfs8zPS6pvYqvNdPkhtqQOR4zxqleasIXp/HN0YjuR+yE:Cege/Gwc5
Score

7^/10
- Loads dropped DLL
behavioral1
- Target
  
  V2/Electron.exe
- Size
  
  2.6MB
- MD5
  
  603e36ef24b4cec7806f590aa80f2d0b
- SHA1
  
  071444565ba17b306fe0aab0c3441c91b401da36
- SHA256
  
  7147168c6dfca71ccb41eb522b001423a2c594afd3a7dfaec5d448bcc198374c
- SHA512
  
  f12343fd4cc02446002d1668f9eeab117ae69598345b679836ff2d8ecb3a859ac03b957a47ec2348b6aca3e17a9ae2b5ed1a0d14e8983697a53e7585162bce2e
- SSDEEP
  
  49152:InjJOCDtiAISmTw/ZKeZmssqZzeaxVWRfFl0a8/+PS:QMSNAeZmShvW
Score

10^/10

zgrat rat spyware
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

zgratratspyware