General
-
Target
2ce10fcd4e165a82a76f77d1f661fa36.exe
-
Size
2.3MB
-
Sample
240515-snfnbsfe32
-
MD5
2ce10fcd4e165a82a76f77d1f661fa36
-
SHA1
a3ffe8a330d9e2128172b74dd76f0a31060c0e1e
-
SHA256
21015dd4a12034f48c1432acbf1149131a3dd1412f4b8426ec7273d95dc19da6
-
SHA512
f2ed5af0ba9173d483943d7a3761ae2419232ec52980597dfc7ef9c79516297fd2df63970528faeed14f642fb1dbc00114d659068c33cc619ff70583da0bc818
-
SSDEEP
49152:eOtTYNB84W4Vjms6VSSiht/zAKq4uhL61/I+C62w3/MLfQyTIUhlLY/EDZ50R:eOtTYzfVv6VSSEt/z7qfL6e+HaIez0Ee
Malware Config
Targets
-
-
Target
2ce10fcd4e165a82a76f77d1f661fa36.exe
-
Size
2.3MB
-
MD5
2ce10fcd4e165a82a76f77d1f661fa36
-
SHA1
a3ffe8a330d9e2128172b74dd76f0a31060c0e1e
-
SHA256
21015dd4a12034f48c1432acbf1149131a3dd1412f4b8426ec7273d95dc19da6
-
SHA512
f2ed5af0ba9173d483943d7a3761ae2419232ec52980597dfc7ef9c79516297fd2df63970528faeed14f642fb1dbc00114d659068c33cc619ff70583da0bc818
-
SSDEEP
49152:eOtTYNB84W4Vjms6VSSiht/zAKq4uhL61/I+C62w3/MLfQyTIUhlLY/EDZ50R:eOtTYzfVv6VSSEt/z7qfL6e+HaIez0Ee
Score10/10-
Detect ZGRat V1
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-