General

  • Target

    ae3d900e61024edd1664373cfecbbbf3.exe

  • Size

    3.0MB

  • Sample

    240515-jw4wfsgc59

  • MD5

    ae3d900e61024edd1664373cfecbbbf3

  • SHA1

    59ad6451b70817e53c43d5b5647339b4fec152db

  • SHA256

    4195dfa9caf444d8989a704eb6fac07dc7caff143ef054597652e1886eeebede

  • SHA512

    8cf15761068498c2135f684f45383edab082927aa83cfc8b979ad70412cc80be0b5ac4ee20b86a234b77f6b6f86aea22472dfc7daa3c5deab1ad528a6bc26fde

  • SSDEEP

    49152:rDbJcqrhOIqdoRpj8+tlw+3klfvT4FVYAmIpUtm8eW:rDzhhqoPtlwIkh2VY3IpVVW
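The target's file name is simply its MD5, which is a reminder that a name proves nothing: before trusting this verdict for a file you were handed, recompute the digests and compare them with the ones listed above. The script below is an added example, not part of the sandbox report; it uses only hashlib (SSDEEP is omitted because it needs the third-party ssdeep module), and the `REPORT_IOCS` values are copied from the General section.

```python
"""Verify that a file on disk is the sample this report describes by
recomputing the four cryptographic hashes the report lists.
Added example, not part of the report."""
import hashlib
import io

# Digests copied from the report's General section.
REPORT_IOCS = {
    "md5": "ae3d900e61024edd1664373cfecbbbf3",
    "sha1": "59ad6451b70817e53c43d5b5647339b4fec152db",
    "sha256": "4195dfa9caf444d8989a704eb6fac07dc7caff143ef054597652e1886eeebede",
    "sha512": "8cf15761068498c2135f684f45383edab082927aa83cfc8b979ad70412cc80be"
              "0b5ac4ee20b86a234b77f6b6f86aea22472dfc7daa3c5deab1ad528a6bc26fde",
}


def hash_stream(stream, chunk_size=1 << 20):
    """Return {algorithm: hex digest} for everything readable from stream,
    hashing in chunks so a multi-megabyte sample is never loaded at once."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used by the self-test)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def matches_report(digests):
    """Per-algorithm comparison against the report. Any False means the file
    is not the sample analysed here, whatever its name says."""
    return {name: digests.get(name, "").lower() == expected
            for name, expected in REPORT_IOCS.items()}


def is_report_sample(digests):
    return all(matches_report(digests).values())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        verdict = "MATCH" if is_report_sample(hash_file(path)) else "no match"
        print(path, verdict)
```

Run it as `python verify.py <file>`; a single mismatching algorithm is enough to reject the file, since all four digests of the genuine sample are fixed.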

Malware Config

Targets

    • Target

      ae3d900e61024edd1664373cfecbbbf3.exe

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data (saved credentials, cookies, autofill and profile information) straight from the browser's profile files on disk.

    • Adds Run key to start application

      A value written under a Registry Run key relaunches the program at every logon (T1547.001).

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is characteristic of process hollowing and related injection techniques, which redirect a suspended process's entry point to attacker-supplied code.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                              ID           Signatures
  Persistence           Boot or Logon Autostart Execution      T1547        1
                        Registry Run Keys / Startup Folder     T1547.001    1
  Privilege Escalation  Boot or Logon Autostart Execution      T1547        1
                        Registry Run Keys / Startup Folder     T1547.001    1
  Defense Evasion       Modify Registry                        T1112        1
  Credential Access     Unsecured Credentials                  T1552        1
                        Credentials In Files                   T1552.001    1
  Collection            Data from Local System                 T1005        1

  The Signatures column is the number of matched signatures attributed to each technique. T1547 / T1547.001 is listed under both Persistence and Privilege Escalation because the technique belongs to both tactics in ATT&CK.
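The two endpoint-observable behaviours behind this matrix, the Run-key write (T1547.001) and a non-browser process reading browser credential files (T1552.001 / T1005), can be turned into detection logic. The script below is an added example and not part of the report: the event schema (`RegistryValueSet` / `FileRead` records with `image`, `target`, `details` and `path` fields) is a constructed, EDR-style shape rather than Sysmon or sandbox output, and the sample events are invented except for the target file name, which is the report's.

```python
"""Detection logic for the behaviours this report flags: a Run-key write
(T1547.001) and a non-browser process reading browser credential stores
(T1552.001 / T1005). Added example; the event schema and the records in
SAMPLE_EVENTS are constructed, not sandbox or Sysmon output."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    technique: str
    image: str       # process that produced the event
    evidence: str    # registry value or file path that triggered the rule


# A value written directly under ...\CurrentVersion\Run or RunOnce (HKCU or HKLM).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)

# Lower-cased path fragments of files holding saved credentials or cookies.
BROWSER_STORE_MARKERS = (
    r"\user data\default\login data",   # Chromium-family saved passwords
    r"\user data\default\cookies",
    r"\user data\default\web data",     # autofill / payment data
    r"\mozilla\firefox\profiles",       # logins.json, key4.db, cookies.sqlite
)
# Browsers legitimately read their own stores; everything else is suspect.
BROWSER_IMAGES = ("chrome.exe", "msedge.exe", "brave.exe", "firefox.exe")


def detect_run_key(events):
    """T1547.001: any RegistryValueSet whose target is a Run/RunOnce value."""
    return [
        Finding("T1547.001", ev["image"], f'{ev["target"]} = {ev["details"]}')
        for ev in events
        if ev["type"] == "RegistryValueSet" and RUN_KEY_RE.search(ev["target"])
    ]


def detect_browser_store_read(events):
    """T1552.001: a process other than the browser itself opens a credential store."""
    out = []
    for ev in events:
        if ev["type"] != "FileRead":
            continue
        path = ev["path"].lower()
        image = ev["image"].lower()
        if any(m in path for m in BROWSER_STORE_MARKERS) and not image.endswith(BROWSER_IMAGES):
            out.append(Finding("T1552.001", ev["image"], ev["path"]))
    return out


def triage(events):
    """Technique IDs per process image, the shape of the report's ATT&CK matrix."""
    by_image = {}
    for f in detect_run_key(events) + detect_browser_store_read(events):
        by_image.setdefault(f.image, set()).add(f.technique)
    return by_image


# Constructed telemetry. SAMPLE_IMAGE reuses the report's file name; the
# directory, the Run value name and the user name are invented.
SAMPLE_IMAGE = r"C:\Users\victim\AppData\Local\Temp\ae3d900e61024edd1664373cfecbbbf3.exe"
SAMPLE_EVENTS = [
    {"type": "RegistryValueSet", "image": SAMPLE_IMAGE,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
     "details": SAMPLE_IMAGE},
    {"type": "FileRead", "image": SAMPLE_IMAGE,
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    # Benign: the browser reads its own store; an installer writes outside Run.
    {"type": "FileRead", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "RegistryValueSet", "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"HKCU\Software\ExampleVendor\Installed", "details": "1"},
]

if __name__ == "__main__":
    for image, techniques in triage(SAMPLE_EVENTS).items():
        print(image, sorted(techniques))
```

On the constructed events only the sample's own process is reported, with both technique IDs; chrome.exe reading its own Login Data and the installer's registry write outside Run produce no findings. The SetThreadContext signature is deliberately not modelled here, since it needs API-level (hook or ETW) telemetry rather than registry and file events.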

Tasks