zgrat | 6be46618824bb0582789cfb6b37b80c9bb220079ea90cded22826ca68b35fa64 | Triage

Submit
Reports

Overview

overview

Static

static

1

e.rar

windows11-21h2-x64

Sharing

General

Target

e.rar
Size

5.5MB
Sample

240515-jlwr4afg83
MD5

03a72a36ec1a2c7012b0518f93b86835
SHA1

4d0b4b6307ff9206422be555d090f746d3038d2a
SHA256

6be46618824bb0582789cfb6b37b80c9bb220079ea90cded22826ca68b35fa64
SHA512

d1bc3b1871b85e756873d8b05a485f88b6ad7a2f2b242f71a525b2cab271f71f2e072204a63cae260d8febbef1d35c3b4aba44932b64f57db09075f8227a62b5
SSDEEP

98304:ZtlOZm+7rK63WaQwzYgQWKBmwVTH3x+eKtiCmYnzFdnAXfVs2D8qCK:7lO8+vKUZxzUWKBmwdXxEiYnzUl8qCK

Score

10^/10

zgrat rat spyware

Static task

static1

Behavioral task

behavioral1

Sample

e.rar

Resource

win11-20240426-en

zgrat rat spyware

windows11-21h2-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  e.rar
- Size
  
  5.5MB
- MD5
  
  03a72a36ec1a2c7012b0518f93b86835
- SHA1
  
  4d0b4b6307ff9206422be555d090f746d3038d2a
- SHA256
  
  6be46618824bb0582789cfb6b37b80c9bb220079ea90cded22826ca68b35fa64
- SHA512
  
  d1bc3b1871b85e756873d8b05a485f88b6ad7a2f2b242f71a525b2cab271f71f2e072204a63cae260d8febbef1d35c3b4aba44932b64f57db09075f8227a62b5
- SSDEEP
  
  98304:ZtlOZm+7rK63WaQwzYgQWKBmwVTH3x+eKtiCmYnzFdnAXfVs2D8qCK:7lO8+vKUZxzUWKBmwdXxEiYnzUl8qCK
Score

10^/10

zgrat rat spyware
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratratspyware

© 2018-2024

Terms | Privacy