zgrat | e1696968ad55e7e03a8334711d90350c4145fb4f60de5fb4a2f5f19187183c05 | Triage

Submit
Reports

Overview

overview

Static

static

zune.exe

windows7-x64

zune.exe

windows10-2004-x64

Sharing

General

Target

zune.exe
Size

2.7MB
Sample

240512-ccn8bsea69
MD5

d395e798b9884b6c1837fe4fe147a3fa
SHA1

530ffbe23bbb3f88fb97ff95ef5486d3628776a3
SHA256

e1696968ad55e7e03a8334711d90350c4145fb4f60de5fb4a2f5f19187183c05
SHA512

30cc4aa9b0e7e6ff85d56a11b2f81e079687d4c2ac87ac72835c15253787fe9b15bd4308ffdb689301b5816f0f3c7fd8f6700b71aa991bf8c066a5f6ba36eb27
SSDEEP

49152:Bik3l/s9YcuT/s9YEQtQRTMYIMi7ztf33cSywWyFoEgn9u4:BvVsGfzsG1tQRjdih8rwc

Score

10^/10

zgrat ransomware rat spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

zune.exe

Resource

win7-20240215-en

zgrat ransomware rat spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

zune.exe

Resource

win10v2004-20240508-en

zgrat ransomware rat spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  zune.exe
- Size
  
  2.7MB
- MD5
  
  d395e798b9884b6c1837fe4fe147a3fa
- SHA1
  
  530ffbe23bbb3f88fb97ff95ef5486d3628776a3
- SHA256
  
  e1696968ad55e7e03a8334711d90350c4145fb4f60de5fb4a2f5f19187183c05
- SHA512
  
  30cc4aa9b0e7e6ff85d56a11b2f81e079687d4c2ac87ac72835c15253787fe9b15bd4308ffdb689301b5816f0f3c7fd8f6700b71aa991bf8c066a5f6ba36eb27
- SSDEEP
  
  49152:Bik3l/s9YcuT/s9YEQtQRTMYIMi7ztf33cSywWyFoEgn9u4:BvVsGfzsG1tQRjdih8rwc
Score

10^/10

zgrat ransomware rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

zgratransomwareratspywarestealer

behavioral2

zgratransomwareratspywarestealer

© 2018-2024

Terms | Privacy