zgrat | a10d2a23354cf0130e15d2bf55148e7c34131033b62500615a60bb6f13f0c53a | Triage

Submit
Reports

Overview

overview

Static

static

3

a10d2a2335...3a.exe

windows7-x64

a10d2a2335...3a.exe

windows10-2004-x64

Sharing

General

Target

a10d2a23354cf0130e15d2bf55148e7c34131033b62500615a60bb6f13f0c53a.exe
Size

6.1MB
Sample

240509-b91rysee64
MD5

5186cafa1e8ce4e242411acc52996aaa
SHA1

c14b7773f62bb601e4f910ae595cbc8d1f641c32
SHA256

a10d2a23354cf0130e15d2bf55148e7c34131033b62500615a60bb6f13f0c53a
SHA512

a351d17942033364fe8e8e48673c25a1b7988c83432961e35a036d54ab08c9a3b095b5784de9d7442e31f42e41401aaec79b3facd96fcd9a9fa93afd283eb42b
SSDEEP

196608:ZwHfJ12mWXFSrOyruZ1e1l+Sc6Z2Fd6GymVVdq:QIFSrOwk0m3a9hMA

Score

10^/10

zgrat evasion rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a10d2a23354cf0130e15d2bf55148e7c34131033b62500615a60bb6f13f0c53a.exe

Resource

win7-20240221-en

zgrat evasion rat spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

a10d2a23354cf0130e15d2bf55148e7c34131033b62500615a60bb6f13f0c53a.exe

Resource

win10v2004-20240226-en

zgrat evasion rat spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  a10d2a23354cf0130e15d2bf55148e7c34131033b62500615a60bb6f13f0c53a.exe
- Size
  
  6.1MB
- MD5
  
  5186cafa1e8ce4e242411acc52996aaa
- SHA1
  
  c14b7773f62bb601e4f910ae595cbc8d1f641c32
- SHA256
  
  a10d2a23354cf0130e15d2bf55148e7c34131033b62500615a60bb6f13f0c53a
- SHA512
  
  a351d17942033364fe8e8e48673c25a1b7988c83432961e35a036d54ab08c9a3b095b5784de9d7442e31f42e41401aaec79b3facd96fcd9a9fa93afd283eb42b
- SSDEEP
  
  196608:ZwHfJ12mWXFSrOyruZ1e1l+Sc6Z2Fd6GymVVdq:QIFSrOwk0m3a9hMA
Score

10^/10

zgrat evasion rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Detects executables packed with unregistered version of .NET Reactor
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratevasionratspywarestealer

behavioral2

zgratevasionratspywarestealer

© 2018-2025

Terms | Privacy