General

  • Target

    2ce10fcd4e165a82a76f77d1f661fa36.exe

  • Size

    2.3MB

  • Sample

    240515-snfnbsfe32

  • MD5

    2ce10fcd4e165a82a76f77d1f661fa36

  • SHA1

    a3ffe8a330d9e2128172b74dd76f0a31060c0e1e

  • SHA256

    21015dd4a12034f48c1432acbf1149131a3dd1412f4b8426ec7273d95dc19da6

  • SHA512

    f2ed5af0ba9173d483943d7a3761ae2419232ec52980597dfc7ef9c79516297fd2df63970528faeed14f642fb1dbc00114d659068c33cc619ff70583da0bc818

  • SSDEEP

    49152:eOtTYNB84W4Vjms6VSSiht/zAKq4uhL61/I+C62w3/MLfQyTIUhlLY/EDZ50R:eOtTYzfVv6VSSEt/z7qfL6e+HaIez0Ee

Malware Config

Targets

    • Detect ZGRat V1

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (1): T1053

  • Persistence

    Scheduled Task/Job (1): T1053

  • Privilege Escalation

    Scheduled Task/Job (1): T1053

  • Credential Access

    Unsecured Credentials (1): T1552

    Credentials In Files (1): T1552.001

  • Discovery

    Query Registry (2): T1012

    System Information Discovery (2): T1082

    Remote System Discovery (1): T1018

  • Collection

    Data from Local System (1): T1005

Tasks