zgrat | e84cad4f234445a47bf803591ac168031558e9215ba714c2197fe75b5188aa1c | Triage

Submit
Reports

Overview

overview

Static

static

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

e84cad4f234445a47bf803591ac168031558e9215ba714c2197fe75b5188aa1c
Size

4.5MB
Sample

240511-yr9cpshf92
MD5

4de76ad34e9ccffc91bbec7a3c4e79e0
SHA1

ff1a420b36557b306df4e2c3e020c49abeb3620a
SHA256

e84cad4f234445a47bf803591ac168031558e9215ba714c2197fe75b5188aa1c
SHA512

ff317dd768d14ec10d1cfc5cf2111b08a2943be55f58066b450ecb27e4531ea54d68911faf7ad4990e1bcb6d56f67b6c2179749266634c1dbb7bcfc57ed27dbe
SSDEEP

49152:Fw+k41fhgCT4O3Qdx09EwApWjGUAN1ZtgX+cvfrmhC0w9O2XM+OBFpGMEMBF:FE2ScXywApWyZZWXLvjmo9iB

Score

10^/10

zgrat rat spyware

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

e84cad4f234445a47bf803591ac168031558e9215ba714c2197fe75b5188aa1c.exe

Resource

win10v2004-20240426-en

zgrat rat spyware

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

e84cad4f234445a47bf803591ac168031558e9215ba714c2197fe75b5188aa1c.exe

Resource

win11-20240426-en

zgrat rat spyware

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  e84cad4f234445a47bf803591ac168031558e9215ba714c2197fe75b5188aa1c
- Size
  
  4.5MB
- MD5
  
  4de76ad34e9ccffc91bbec7a3c4e79e0
- SHA1
  
  ff1a420b36557b306df4e2c3e020c49abeb3620a
- SHA256
  
  e84cad4f234445a47bf803591ac168031558e9215ba714c2197fe75b5188aa1c
- SHA512
  
  ff317dd768d14ec10d1cfc5cf2111b08a2943be55f58066b450ecb27e4531ea54d68911faf7ad4990e1bcb6d56f67b6c2179749266634c1dbb7bcfc57ed27dbe
- SSDEEP
  
  49152:Fw+k41fhgCT4O3Qdx09EwApWjGUAN1ZtgX+cvfrmhC0w9O2XM+OBFpGMEMBF:FE2ScXywApWyZZWXLvjmo9iB
Score

10^/10

zgrat rat spyware
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratratspyware

behavioral2

zgratratspyware

© 2018-2024

Terms | Privacy