zgrat | 9fe178097506372bcaa09964bf9c25604db59eac8331226b165ce3d309640538 | Triage

Submit
Reports

Overview

overview

Static

static

3

9fe1780975...38.exe

windows7-x64

9fe1780975...38.exe

windows10-2004-x64

Sharing

General

Target

9fe178097506372bcaa09964bf9c25604db59eac8331226b165ce3d309640538.exe
Size

1.0MB
Sample

240512-btbg5ach33
MD5

806a6920de25de8378a1c9e212ff9d9b
SHA1

03e36c332690f6c4f5e93f3396fc449ef685fc48
SHA256

9fe178097506372bcaa09964bf9c25604db59eac8331226b165ce3d309640538
SHA512

9262602dff25a737b646c14a95753d4154bc67b22425a4656179b443325474e44fd201d9aef69cff87672dffac5b2f0b9a21a7f1dbbdb9467e978e2c9c3f1203
SSDEEP

12288:I8BoPxga8/eHS4eKObtfPIuuI0BcZ25p74yG/3q8YieEJOg8yaT0vh7i6Cxzs9hG:bBRa887eKOxfA3I0Bbrwq8YiTKj

Score

10^/10

zgrat rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9fe178097506372bcaa09964bf9c25604db59eac8331226b165ce3d309640538.exe

Resource

win7-20240220-en

zgrat rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9fe178097506372bcaa09964bf9c25604db59eac8331226b165ce3d309640538.exe

Resource

win10v2004-20240508-en

zgrat rat spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  9fe178097506372bcaa09964bf9c25604db59eac8331226b165ce3d309640538.exe
- Size
  
  1.0MB
- MD5
  
  806a6920de25de8378a1c9e212ff9d9b
- SHA1
  
  03e36c332690f6c4f5e93f3396fc449ef685fc48
- SHA256
  
  9fe178097506372bcaa09964bf9c25604db59eac8331226b165ce3d309640538
- SHA512
  
  9262602dff25a737b646c14a95753d4154bc67b22425a4656179b443325474e44fd201d9aef69cff87672dffac5b2f0b9a21a7f1dbbdb9467e978e2c9c3f1203
- SSDEEP
  
  12288:I8BoPxga8/eHS4eKObtfPIuuI0BcZ25p74yG/3q8YieEJOg8yaT0vh7i6Cxzs9hG:bBRa887eKOxfA3I0Bbrwq8YiTKj
Score

10^/10

zgrat rat spyware
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratratspyware

behavioral2

zgratratspyware

© 2018-2024

Terms | Privacy