zgrat | b479466f9646b05cdd08d4f85fe30ca3bc1879467ac167eecca72fe58b536a4c | Triage

Submit
Reports

Overview

overview

Static

static

1

file.html

windows10-1703-x64

Sharing

General

Target

file
Size

93KB
Sample

240512-s3h21afg23
MD5

39a33b65aa143858d0dd000fc105dc27
SHA1

ab256505735aa96bc86efe19e6796bb5e45e801c
SHA256

b479466f9646b05cdd08d4f85fe30ca3bc1879467ac167eecca72fe58b536a4c
SHA512

b45e3923ea488cf5f49a8b3310b0620d8e8881aee1a37b1557497650b10deaa14a6fd803e3cff791a5b57a5d86ed0cd94611e4b74376b8c704bd98941d1cb04f
SSDEEP

1536:qiub850ZoTgAJuHnjde83Ml83Mn1CyKxzmFM/HXcc01vvzj3NPnJWKfkH80r8GB5:qi/gAkHnjP1/chx4BU4

Score

10^/10

zgrat discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

file.html

Resource

win10-20240404-en

zgrat discovery rat spyware stealer

windows10-1703-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  file
- Size
  
  93KB
- MD5
  
  39a33b65aa143858d0dd000fc105dc27
- SHA1
  
  ab256505735aa96bc86efe19e6796bb5e45e801c
- SHA256
  
  b479466f9646b05cdd08d4f85fe30ca3bc1879467ac167eecca72fe58b536a4c
- SHA512
  
  b45e3923ea488cf5f49a8b3310b0620d8e8881aee1a37b1557497650b10deaa14a6fd803e3cff791a5b57a5d86ed0cd94611e4b74376b8c704bd98941d1cb04f
- SSDEEP
  
  1536:qiub850ZoTgAJuHnjde83Ml83Mn1CyKxzmFM/HXcc01vvzj3NPnJWKfkH80r8GB5:qi/gAkHnjP1/chx4BU4
Score

10^/10

zgrat discovery rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

zgratdiscoveryratspywarestealer

© 2018-2024

Terms | Privacy