zgrat | 101331c13483b3530f33ff1d8983e5ad4b391b2bcb212143cb41e5095d0c5e19 | Triage

Submit
Reports

Overview

overview

Static

static

BF73AF9BE7...B6.exe

windows7-x64

BF73AF9BE7...B6.exe

windows10-2004-x64

Sharing

General

Target

BF73AF9BE79A72DF70F1DD89E86E37B6.exe
Size

8.2MB
Sample

240213-gtqvpsaf7z
MD5

bf73af9be79a72df70f1dd89e86e37b6
SHA1

088887c3bcffa084e35769a8a44cf027e56e5f67
SHA256

101331c13483b3530f33ff1d8983e5ad4b391b2bcb212143cb41e5095d0c5e19
SHA512

3b0c73699f4054a38a55cfcbf30bf100b4af233100756e523b7190a768d549d85d14c92430784010e16735cea902ace1bfeddc505d08f87f526ef60072545148
SSDEEP

49152:x3XGwQS8y7rtnzktV5RdWJx8cLFNE0R8a:NXXlStVIJxZFN5

Score

10^/10

zgrat rat spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

BF73AF9BE79A72DF70F1DD89E86E37B6.exe

Resource

win7-20231129-en

zgrat rat spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

BF73AF9BE79A72DF70F1DD89E86E37B6.exe

Resource

win10v2004-20231222-en

zgrat rat spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  BF73AF9BE79A72DF70F1DD89E86E37B6.exe
- Size
  
  8.2MB
- MD5
  
  bf73af9be79a72df70f1dd89e86e37b6
- SHA1
  
  088887c3bcffa084e35769a8a44cf027e56e5f67
- SHA256
  
  101331c13483b3530f33ff1d8983e5ad4b391b2bcb212143cb41e5095d0c5e19
- SHA512
  
  3b0c73699f4054a38a55cfcbf30bf100b4af233100756e523b7190a768d549d85d14c92430784010e16735cea902ace1bfeddc505d08f87f526ef60072545148
- SSDEEP
  
  49152:x3XGwQS8y7rtnzktV5RdWJx8cLFNE0R8a:NXXlStVIJxZFN5
Score

10^/10

zgrat rat spyware stealer
- Detect ZGRat V1
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

zgratratspywarestealer

behavioral2

zgratratspywarestealer

© 2018-2024

Terms | Privacy