zgrat | 21015dd4a12034f48c1432acbf1149131a3dd1412f4b8426ec7273d95dc19da6 | Triage

Submit
Reports

Overview

overview

Static

static

3

2ce10fcd4e...36.exe

windows7-x64

2ce10fcd4e...36.exe

windows10-2004-x64

Sharing

General

Target

2ce10fcd4e165a82a76f77d1f661fa36.exe
Size

2.3MB
Sample

240515-snfnbsfe32
MD5

2ce10fcd4e165a82a76f77d1f661fa36
SHA1

a3ffe8a330d9e2128172b74dd76f0a31060c0e1e
SHA256

21015dd4a12034f48c1432acbf1149131a3dd1412f4b8426ec7273d95dc19da6
SHA512

f2ed5af0ba9173d483943d7a3761ae2419232ec52980597dfc7ef9c79516297fd2df63970528faeed14f642fb1dbc00114d659068c33cc619ff70583da0bc818
SSDEEP

49152:eOtTYNB84W4Vjms6VSSiht/zAKq4uhL61/I+C62w3/MLfQyTIUhlLY/EDZ50R:eOtTYzfVv6VSSEt/z7qfL6e+HaIez0Ee

Score

10^/10

zgrat rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2ce10fcd4e165a82a76f77d1f661fa36.exe

Resource

win7-20240221-en

zgrat rat spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

2ce10fcd4e165a82a76f77d1f661fa36.exe

Resource

win10v2004-20240508-en

zgrat rat spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  2ce10fcd4e165a82a76f77d1f661fa36.exe
- Size
  
  2.3MB
- MD5
  
  2ce10fcd4e165a82a76f77d1f661fa36
- SHA1
  
  a3ffe8a330d9e2128172b74dd76f0a31060c0e1e
- SHA256
  
  21015dd4a12034f48c1432acbf1149131a3dd1412f4b8426ec7273d95dc19da6
- SHA512
  
  f2ed5af0ba9173d483943d7a3761ae2419232ec52980597dfc7ef9c79516297fd2df63970528faeed14f642fb1dbc00114d659068c33cc619ff70583da0bc818
- SSDEEP
  
  49152:eOtTYNB84W4Vjms6VSSiht/zAKq4uhL61/I+C62w3/MLfQyTIUhlLY/EDZ50R:eOtTYzfVv6VSSEt/z7qfL6e+HaIez0Ee
Score

10^/10

zgrat rat spyware stealer
- Detect ZGRat V1
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratratspywarestealer

behavioral2

zgratratspywarestealer

© 2018-2024

Terms | Privacy