zgrat | 64839df979829a8230b50891466a04e1d428f70d928205709668205669115a5e | Triage

Submit
Reports

Overview

overview

Static

static

0e77c7eaf2...a3.exe

windows7-x64

0e77c7eaf2...a3.exe

windows10-2004-x64

Sharing

General

Target

0e77c7eaf29e7cc81d6a5870545509a3.exe
Size

2.0MB
Sample

240515-evspksha45
MD5

0e77c7eaf29e7cc81d6a5870545509a3
SHA1

e56496e200c3246c149b41bd826b9e762fa5e534
SHA256

64839df979829a8230b50891466a04e1d428f70d928205709668205669115a5e
SHA512

bf85986eb8b47fc7211a6b6b48121ae0de6718c73612a4059f3bf8570a47b5848a0619c056a9b55df2760f2c5e5f30ca5a19a5d091750af8ad7bb81c5f015e18
SSDEEP

49152:R6K39H/NzGjGzMErFiEntNARL3AVtsk53gEdMJ9O:R6KnjrLntNAR2tPfO

Score

10^/10

zgrat rat spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

0e77c7eaf29e7cc81d6a5870545509a3.exe

Resource

win7-20240508-en

zgrat rat spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

0e77c7eaf29e7cc81d6a5870545509a3.exe

Resource

win10v2004-20240426-en

zgrat rat spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  0e77c7eaf29e7cc81d6a5870545509a3.exe
- Size
  
  2.0MB
- MD5
  
  0e77c7eaf29e7cc81d6a5870545509a3
- SHA1
  
  e56496e200c3246c149b41bd826b9e762fa5e534
- SHA256
  
  64839df979829a8230b50891466a04e1d428f70d928205709668205669115a5e
- SHA512
  
  bf85986eb8b47fc7211a6b6b48121ae0de6718c73612a4059f3bf8570a47b5848a0619c056a9b55df2760f2c5e5f30ca5a19a5d091750af8ad7bb81c5f015e18
- SSDEEP
  
  49152:R6K39H/NzGjGzMErFiEntNARL3AVtsk53gEdMJ9O:R6KnjrLntNAR2tPfO
Score

10^/10

zgrat rat spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

zgratratspywarestealer

behavioral2

zgratratspywarestealer

© 2018-2024

Terms | Privacy