zgrat | d9583f07e259de85505c1a9e6df27d632860cfb65ae203eed6162294ac5f99f6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

VIRUS.zip
Size

12.1MB
Sample

240509-tcga6aaa3x
MD5

fed1168d96c1fd2b51a5d9caf29bd3ad
SHA1

76ecc4fb3de9babfd9ea004e35ce805a0574af84
SHA256

d9583f07e259de85505c1a9e6df27d632860cfb65ae203eed6162294ac5f99f6
SHA512

ae11fd92486d1b4903857cbc3d7209f8f6c0db5479a49cfd30133e17ea12017e42491902779c0b88afd11731065d19d656ab652d526769ec41ab60f2c65c547d
SSDEEP

196608:BAsph5T/ApSZyb4fN9RG3OFMCyLI+XDNI55OI8mEZISMD/YYIAcBAdTTlSef:71zNRG3MPyLZDu55O4EZreYYIdITlbf

Score

10^/10

zgrat rat spyware stealer

Malware Config

Targets

- Target
  
  VIRUS/CC Checker AcTeam.exe
- Size
  
  12.3MB
- MD5
  
  15717c3cae5e0fab953c47d78272b64f
- SHA1
  
  358aed328e480468da2e69a31c7c986262f8d794
- SHA256
  
  8ead469ebb7a3d34b586eefd2c8489f83fb1e94ddd4eaf9540afe89d6e533c84
- SHA512
  
  fe216bf3f76facc3dea7afabcf31dc022315edb10a446f926b5bdc5f7329a0df9b64e41712509f94c487ecec4b8e9d512cb1c07caa6bff17239c0332f2414ccb
- SSDEEP
  
  196608:8CUgiFsz12vabgVvjn9eKoo4+V0sX57Qnbi48oCb+uUNJ0PDXBFBrQcKtmk/kjNW:8rhFzR9e3+VN5Mnbi+Cb5A0P9T8c+6s
Score

10^/10

zgrat rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1
- Target
  
  VIRUS/dmview.ocx
- Size
  
  132KB
- MD5
  
  9d3d06d04b20c9a61394144dccf7e54c
- SHA1
  
  9ceb4a625359052b1301dca0f12188f935ad62cd
- SHA256
  
  f11df95fae783ddfd452a888bedac3b084405cabe20f36be26000a1738d97c9f
- SHA512
  
  53a76ca5e3fbfa4ad177e2f18521c1253ea3682f05615d4d72a2ce3e0a722d25e76c30dcdefb80a5e1819842617ec2be82686654b4fb483ed66c7df72c625c64
- SSDEEP
  
  3072:DGlzTHF695pCidDnipNKWzmqonzgUYh8LYOEa2muMSM38:o695pCidDnipNhzmbnzgUYh8LYpmUG
Score

1^/10
behavioral2
- Target
  
  VIRUS/dnscmmc.dll
- Size
  
  130KB
- MD5
  
  bdc7ead1e9b59a54f61ad53ec7fefffb
- SHA1
  
  70f53095c292b3ea876bd0a766705dba46a24376
- SHA256
  
  4f64dc86d26ff64f037eea6fe2e8f7224a8f5988c132ebf617ec6a562080fb01
- SHA512
  
  76444e00ab19350fa538bcc6e4d2e6fa2086d1a0c0d946f0eac8a7b059d248a3be9fa5dfef3289028410b1e6fe5be13b2fba939b7c81f3e72ac67c257bd9b897
- SSDEEP
  
  3072:oAgGIoBRZ4VlD8ZVsjxOoFic2cr61Wk57qw8ZcYjbCmjMZTco/YuuI:o9UQ8ZVsjxOoFiUGkCpTco/Yu
Score

1^/10
behavioral3
- Target
  
  VIRUS/elshyph.dll
- Size
  
  229KB
- MD5
  
  6886e3f01425562c23467da967b643fe
- SHA1
  
  e7d1df4121bc7ca59d26869364fa602adf65c792
- SHA256
  
  367322687653b2d0836473fb1b863275e276a5b2aae5c494fc5f786cf52ab471
- SHA512
  
  aea6d69804003788ca4a18441e267295b50891572ea0d1053f02affee5d51163e7b4f254a22e5d102d23e0882cba155937f86e71f38cde844dd89a4feacb5bbf
- SSDEEP
  
  6144:rX9hY++m09tzFJmtMkmV89Xqm6v7W2p+Y7Z8M8NNs:rX9hY+SZkikmV8hWp
Score

1^/10
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratratspywarestealer

behavioral2

behavioral3

behavioral4