zgrat | d16281d36cb3139f4353ae35ebf214c42a6e19f050906961cec2fc656d295df3 | Triage

Submit
Reports

Overview

overview

Static

static

a4f082b9f0...2f.exe

windows7-x64

a4f082b9f0...2f.exe

windows10-2004-x64

Sharing

General

Target

a4f082b9f08a5a3e1ce6360159c8732f.exe
Size

2.2MB
Sample

240209-e78xbsfg3w
MD5

a4f082b9f08a5a3e1ce6360159c8732f
SHA1

343a2ec18799fe011c55895156bc58055a836522
SHA256

d16281d36cb3139f4353ae35ebf214c42a6e19f050906961cec2fc656d295df3
SHA512

164e721be202392965f5beda3df070e0f5c8d85447aee148f25d04ed84742fbceed4def21edb2475e4d8690f20604e1c41029acad8864cc81c7bd02fd56fec5f
SSDEEP

49152:SAK0RKiYjXfeZPP68zVIxKY92s5nfTPI3oSAv7xLqMTsMMs1a2i29obFbX:SAK0RKiYjXfe7zG2wk3QjnsEi2cl

Score

10^/10

zgrat rat spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a4f082b9f08a5a3e1ce6360159c8732f.exe

Resource

win7-20231215-en

zgrat rat spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

a4f082b9f08a5a3e1ce6360159c8732f.exe

Resource

win10v2004-20231222-en

zgrat rat spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  a4f082b9f08a5a3e1ce6360159c8732f.exe
- Size
  
  2.2MB
- MD5
  
  a4f082b9f08a5a3e1ce6360159c8732f
- SHA1
  
  343a2ec18799fe011c55895156bc58055a836522
- SHA256
  
  d16281d36cb3139f4353ae35ebf214c42a6e19f050906961cec2fc656d295df3
- SHA512
  
  164e721be202392965f5beda3df070e0f5c8d85447aee148f25d04ed84742fbceed4def21edb2475e4d8690f20604e1c41029acad8864cc81c7bd02fd56fec5f
- SSDEEP
  
  49152:SAK0RKiYjXfeZPP68zVIxKY92s5nfTPI3oSAv7xLqMTsMMs1a2i29obFbX:SAK0RKiYjXfe7zG2wk3QjnsEi2cl
Score

10^/10

zgrat rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

zgratratspywarestealer

behavioral2

zgratratspywarestealer

© 2018-2024

Terms | Privacy