Overview

overview

10

Static

static

3

fbb6ba1836...KI.dll

windows7-x64

10

fbb6ba1836...KI.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fbb6ba1836914f33ecaa3cb35d51fab0_NEIKI

  • Size

    445KB

  • Sample

    240508-hf3ssaff8x

  • MD5

    fbb6ba1836914f33ecaa3cb35d51fab0

  • SHA1

    19afb4d0600ecde28daceaa0f620a84aa49017a4

  • SHA256

    0d66f94c73dcb872d635e9fd741ee6b83b39b2c06149bdf20897985a0515ede8

  • SHA512

    1c56730907e62f2e25c4aacc95b92a548a3f8d5b0f84a27e360d5f3cd49b5e2abba1838057df4c2458552f89c9e8a76d87b489f537b304bc7c2664004f3ae1ee

  • SSDEEP

    12288:E/q4BLbIVjQ8kitrxU3IuIjplqzHZni0i8Bz9:twbIVjQ8trxisXoZ4y

Score
10/10
zgratratspyware

Malware Config

Targets

    • Target

      fbb6ba1836914f33ecaa3cb35d51fab0_NEIKI

    • Size

      445KB

    • MD5

      fbb6ba1836914f33ecaa3cb35d51fab0

    • SHA1

      19afb4d0600ecde28daceaa0f620a84aa49017a4

    • SHA256

      0d66f94c73dcb872d635e9fd741ee6b83b39b2c06149bdf20897985a0515ede8

    • SHA512

      1c56730907e62f2e25c4aacc95b92a548a3f8d5b0f84a27e360d5f3cd49b5e2abba1838057df4c2458552f89c9e8a76d87b489f537b304bc7c2664004f3ae1ee

    • SSDEEP

      12288:E/q4BLbIVjQ8kitrxU3IuIjplqzHZni0i8Bz9:twbIVjQ8trxisXoZ4y

    Score
    10/10
    zgratratspyware

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks