zgrat

Resubmissions

10-05-2024 00:32

240510-avsmcsgc2y 10

Sharing

Copy URL

Twitter E-mail

General

Target

S0lara_V2.0_WebBypass.zip
Size

8.6MB
Sample

240510-avsmcsgc2y
MD5

38f7d120243a1d4c733119d0549cdf79
SHA1

9554851b9e3733087fd1830e204669e37468ecec
SHA256

96696d9c34dc08813fb92d636f7d0e31755844f320ececaa0de07a0ccd694a83
SHA512

15a0569358e2c5785d80d35dbddedecd9bf6b90fca316dc6316a92c268a89fcc05441cc4779fa3a4c5b92125996a62c1a72caf331c69cff3fa0680a12584da38
SSDEEP

196608:ax6g6NKDeT75jcLD+xklUrt78RBwVIU3sAFpaqVYHyKWJI:ar6My5jXOlUewVI1wcqnE

Score

10^/10

Malware Config

Targets

- Target
  
  Solara V2.0/Solara V2.0.exe
- Size
  
  850.2MB
- MD5
  
  cdd48589dc494fe2587e9411312ab604
- SHA1
  
  692ca2c9e7c3b767ed5d324a1968c98a08a4cd49
- SHA256
  
  baa041ba8b10a271b1a7e530acc21e39b7844a8eeaf9bb6c17e551fbda6c0b95
- SHA512
  
  8e73eb4c947106884568252d5d8db1e378a9bfce89f9024d86ff1eb0c4ea01a07bae7945a82872c15bf4623f4bd046886cfe0441a2982472dbd0ca886f8dbf99
- SSDEEP
  
  3072:dagGCj4S7tx7qy37OEfBcgJQ6usF++FukQRHIAQTAXg8xrP:cgGA5N7HfBPnuS/FaplP
Score

10^/10

zgrat discovery rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Solara V2.0/Solara.dll
- Size
  
  6.6MB
- MD5
  
  110e9512db3d6a513d94db3729919c0d
- SHA1
  
  255dcd16391adea11a8fb06dbe6ea4b5dd8afb09
- SHA256
  
  d4879d299553da0777a1ed4de8e5d77f89c493975133723529cd45891a278fa3
- SHA512
  
  687f415b2a934de6fb82a740b737b77a4683ab6da914dddf67eb28006df8f8cb695b4011a13d16a1df247f83cdf04f8f979345ae098d3ccdc44d1e55fecae5bf
- SSDEEP
  
  98304:MRzLN6+Wb8g+p9zZzyG74bajZ8XN33VMiBDeUaN7OaM2U/MwfGl8torJr7IX/1rJ:MXASdzyG74bajZGy+uNfa5el8tEPI1rJ
Score

7^/10

themida
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
behavioral3 behavioral4
- Target
  
  Solara V2.0/Wpf.Ui.dll
- Size
  
  5.2MB
- MD5
  
  aead90ab96e2853f59be27c4ec1e4853
- SHA1
  
  43cdedde26488d3209e17efff9a51e1f944eb35f
- SHA256
  
  46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
- SHA512
  
  f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d
- SSDEEP
  
  98304:Com1p/B6MvSmaRI+VcDNkq4pmvhAHDfyyrhl:W1HZNkq4p
Score

1^/10
behavioral5 behavioral6
- Target
  
  Solara V2.0/api-ms-win-crt-string-l1-1-0.dll
- Size
  
  26KB
- MD5
  
  aacade02d7aaf6b5eff26a0e3a11c42d
- SHA1
  
  93b8077b535b38fdb0b7c020d24ba280adbe80c3
- SHA256
  
  e71d517e6b7039437e3fc449d8ad12eeeca0d5c8ed1c500555344fd90ddc3207
- SHA512
  
  e02fcbcb70100f67e65903d8b1a7e6314cabfb0b14797bd6e1c92b7bcb3994a54133e35d16da0a29576145b2783221330591526f856b79a25c0575fc923985a6
- SSDEEP
  
  768:96S5yguNvZ5VQgx3SbwA71IkFD7RwL9il:9l5yguNvZ5VQgx3SbwA71IEVwL9il
Score

1^/10
behavioral7
- Target
  
  Solara V2.0/libcurl.dll
- Size
  
  522KB
- MD5
  
  e31f5136d91bad0fcbce053aac798a30
- SHA1
  
  ee785d2546aec4803bcae08cdebfd5d168c42337
- SHA256
  
  ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671
- SHA512
  
  a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6
- SSDEEP
  
  12288:InAnSwPc/1BzyLmI2MB1MqcUfCKHU1XAfK6ae:I6Pc/1BOKtaeqcUaZXm
Score

1^/10
behavioral8 behavioral9
- Target
  
  Solara V2.0/msvcp140.dll
- Size
  
  576KB
- MD5
  
  7b92a6cb5d2cad407c457ab12d2b211d
- SHA1
  
  e04020b3448fc6084fa31b7f791f22ff15e31328
- SHA256
  
  3c6a772319fff3ee56d4cedbe332bb5c0c2f394714cf473c6cdf933754114784
- SHA512
  
  b28740c1aca4f0f60a9e4a9ab5a0561af774d977ab6d42a7eea70c9e560c77c50be5d9d869f05d0435e2923f4f600219335d22425807ab23cbbcda75442c4b42
- SSDEEP
  
  12288:RI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRvbQEKZm+jWodEEVhQ:RD89rxZCQEKZm+jWodEEPQ
Score

1^/10
behavioral10 behavioral11
- Target
  
  Solara V2.0/runtimes/win-arm64/native/WebView2Loader.dll
- Size
  
  121KB
- MD5
  
  aeb1b80258d8c6bd9b88d309fc938823
- SHA1
  
  b6c1e5e3e4f2799285757ad091d7ceeaf3c6de35
- SHA256
  
  60a48cb3a939e30ffcee0f84cd0967231693c6e0bcc60ab5c77ff90ecf68824f
- SHA512
  
  99e826c074bca009d7720b82cf9fa0ad780967c523ec372578a9a906798db19a1e2f75acf9d0cdbdd78b83043df285127cef524f699b178e1a4b03b8996de004
- SSDEEP
  
  1536:7DIqUepIC7H67AsPWl0+mWfvkvzGwsWWdttSDjEtIectI87n+INj:7DI7eGLXymWU7GV7SDjEtnca7w
Score

1^/10
behavioral12 behavioral13
- Target
  
  Solara V2.0/runtimes/win-x64/native/WebView2Loader.dll
- Size
  
  133KB
- MD5
  
  a0bd0d1a66e7c7f1d97aedecdafb933f
- SHA1
  
  dd109ac34beb8289030e4ec0a026297b793f64a3
- SHA256
  
  79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
- SHA512
  
  2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50
- SSDEEP
  
  3072:e5i6Uab3sFhPk6vEmG1PU6dLXm2ng3esQDqEt2JljdTu:e5P2e6vERtUyTmHEtmI
Score

1^/10
behavioral14 behavioral15
- Target
  
  Solara V2.0/runtimes/win-x86/native/WebView2Loader.dll
- Size
  
  107KB
- MD5
  
  e2a10346ba7b74f8c79afc419ed470d5
- SHA1
  
  3ced830ffa621ce122169433b224c3df7fed0f3f
- SHA256
  
  79885ef79591964477c09afd51c4f1981a4904601c23247975b9f84cb5d7b84b
- SHA512
  
  da58cba7be5bd12048cdd4f31d2835b8db5bbe93ea178941ff1af4cd6712175a0aab2945415d016648399838d80e6e33215d12a25867a4b0102356230ba22803
- SSDEEP
  
  3072:XXKaNm8sCEvfpFVUKbiDUuP7ANt+/NvcD/EtK9nsnRj81:X6ac8sCiXbiguP7n8EtSnIRQ1
Score

3^/10
behavioral16 behavioral17

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Detect ZGRat V1

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Themida packer

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17