Overview

overview

10

Static

static

3

Electron.exe

windows10-1703-x64

7

V2/Electron.exe

windows10-1703-x64

10

Analysis

  • max time kernel
    79s
  • max time network
    81s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    06-05-2024 20:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    V2/Electron.exe

  • Size

    2.6MB

  • MD5

    603e36ef24b4cec7806f590aa80f2d0b

  • SHA1

    071444565ba17b306fe0aab0c3441c91b401da36

  • SHA256

    7147168c6dfca71ccb41eb522b001423a2c594afd3a7dfaec5d448bcc198374c

  • SHA512

    f12343fd4cc02446002d1668f9eeab117ae69598345b679836ff2d8ecb3a859ac03b957a47ec2348b6aca3e17a9ae2b5ed1a0d14e8983697a53e7585162bce2e

  • SSDEEP

    49152:InjJOCDtiAISmTw/ZKeZmssqZzeaxVWRfFl0a8/+PS:QMSNAeZmShvW

Score
10/10
zgratratspyware

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Loads dropped DLL 1 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\V2\Electron.exe
    "C:\Users\Admin\AppData\Local\Temp\V2\Electron.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4616
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1304

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Roaming\d3d9.dll
    Filesize

    434KB

    MD5

    0cdcf5c53fc5ac03c206c609cd674394

    SHA1

    dd55af5ca672618fdbce9274e33b3b5da031d87b

    SHA256

    18c5fab197786b2b550edba8f4998debee3281d6d8e721c8a0e3cf5a8a6bd704

    SHA512

    427ecb0d6c052d7f12c07ff9d15fbbe6b1ab9ee63c8edeae71dc62d34263a70cf049be7523eec43a1a9e6a3a112ab1ff12b0ef509a3476fa35070872b2291ec9

    Download Submit

  • memory/1304-15-0x00000000082C0000-0x00000000083CA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1304-25-0x0000000073190000-0x0000000073285000-memory.dmp

    Filesize

    980KB

    Download

  • memory/1304-14-0x0000000008740000-0x0000000008D46000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1304-8-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/1304-10-0x0000000073190000-0x0000000073285000-memory.dmp

    Filesize

    980KB

    Download

  • memory/1304-11-0x0000000005740000-0x0000000005C3E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/1304-12-0x0000000005240000-0x00000000052D2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1304-13-0x0000000005210000-0x000000000521A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1304-23-0x000000000A430000-0x000000000A95C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/1304-22-0x0000000009D30000-0x0000000009EF2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1304-17-0x0000000008260000-0x000000000829E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1304-16-0x0000000008200000-0x0000000008212000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1304-18-0x00000000083D0000-0x000000000841B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1304-19-0x0000000008560000-0x00000000085C6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1304-20-0x0000000008ED0000-0x0000000008F46000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1304-21-0x0000000008710000-0x000000000872E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4616-2-0x0000000005490000-0x0000000005491000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4616-1-0x0000000000E60000-0x0000000001242000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/4616-0-0x000000007328E000-0x000000007328F000-memory.dmp

    Filesize

    4KB

    Download