General

  • Target

    gm2.exe

  • Size

    2.3MB

  • Sample

    240511-ycq8ksgh46

  • MD5

    2ce10fcd4e165a82a76f77d1f661fa36

  • SHA1

    a3ffe8a330d9e2128172b74dd76f0a31060c0e1e

  • SHA256

    21015dd4a12034f48c1432acbf1149131a3dd1412f4b8426ec7273d95dc19da6

  • SHA512

    f2ed5af0ba9173d483943d7a3761ae2419232ec52980597dfc7ef9c79516297fd2df63970528faeed14f642fb1dbc00114d659068c33cc619ff70583da0bc818

  • SSDEEP

    49152:eOtTYNB84W4Vjms6VSSiht/zAKq4uhL61/I+C62w3/MLfQyTIUhlLY/EDZ50R:eOtTYzfVv6VSSEt/z7qfL6e+HaIez0Ee

Malware Config

Targets

    • Target

      gm2.exe

    • Detect ZGRat V1

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks