zgrat | 7fdc605f25e5374bad102386657bc0189ffa5ab62c3a9cb0fb35f1cf95befafc | Triage

Submit
Reports

Overview

overview

Static

static

memez valorant.exe

windows10-2004-x64

Sharing

General

Target

memez valorant.exe
Size

6.0MB
Sample

240511-jxlfhaab72
MD5

8b79741f93dfe2a98005fcedb8cc9e09
SHA1

e5b9ae63c045248ee3e0810e73b80f5f853e8574
SHA256

7fdc605f25e5374bad102386657bc0189ffa5ab62c3a9cb0fb35f1cf95befafc
SHA512

a3b3831a1993544253ae966b08f6976be286cdfa8d8a26816ea1dda1b2ae22f91018ce0c3772615bf9679c684dadb13a629f4e4dfafaff2f3ebf3a17c1f66bf9
SSDEEP

24576:aTbBv5rUleX5BM3YIzE0+l8T8/7Vzy8/PoUNjmo59k1UWAaL511wElDeQpx1Kh:sBnX5BWt8j9hdvKDfucz2

Score

10^/10

zgrat rat spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

memez valorant.exe

Resource

win10v2004-20240426-en

zgrat rat spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  memez valorant.exe
- Size
  
  6.0MB
- MD5
  
  8b79741f93dfe2a98005fcedb8cc9e09
- SHA1
  
  e5b9ae63c045248ee3e0810e73b80f5f853e8574
- SHA256
  
  7fdc605f25e5374bad102386657bc0189ffa5ab62c3a9cb0fb35f1cf95befafc
- SHA512
  
  a3b3831a1993544253ae966b08f6976be286cdfa8d8a26816ea1dda1b2ae22f91018ce0c3772615bf9679c684dadb13a629f4e4dfafaff2f3ebf3a17c1f66bf9
- SSDEEP
  
  24576:aTbBv5rUleX5BM3YIzE0+l8T8/7Vzy8/PoUNjmo59k1UWAaL511wElDeQpx1Kh:sBnX5BWt8j9hdvKDfucz2
Score

10^/10

zgrat rat spyware stealer
- Detect ZGRat V1
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratratspywarestealer

© 2018-2025

Terms | Privacy