General

  • Target

    67b12ce7540c0d01a9ff199865acab6b5643aa68ec1bdd30c0a8c78809a1ecc0.exe

  • Size

    1.4MB

  • Sample

    240512-kw9x5sha5y

  • MD5

    bac1ed7db4d2fac01049a0047f73afb9

  • SHA1

    0bdb67928e2ab54ba58b333fb99041b54ef8bfe2

  • SHA256

    67b12ce7540c0d01a9ff199865acab6b5643aa68ec1bdd30c0a8c78809a1ecc0

  • SHA512

    12dfe3ade697242734e0b3db702410f3b840af7f7c31e6eb9c532f479944804fbd825635e11eaf359071451d4b28619803eaad6910f349f0170e18ac6b75b743

  • SSDEEP

    24576:gMw7DAUDbPcfE6ZmAvDxzdK5q8cIqtxAG7lue5WwPEDH56ZlCj2fQAes3sZUYOy1:gMwDnkc6MKpdK5Ldqtj7lueo90ZlU2fe

Malware Config

Targets

    • Detect ZGRat V1

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks