SYMBOLCOMMON_NAMEaka. SYNONYMS
win.zgrat (Back to overview)

zgRAT

zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.
Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.

References
2023-01-16Difesa & SicurezzaFrancesco Bussoletti
Cybercrime, RFQ from Turkey carries AgentTesla and zgRAT
Agent Tesla zgRAT
2022-11-17TrellixTrelix
Trellix Insights: SmokeLoader Exploits Old Vulnerabilities to Drop zgRAT
SmokeLoader zgRAT
2022-08-08FortinetJames Slaughter
Life After Death - SmokeLoader Continues to Haunt Using Old Vulnerabilities
SmokeLoader zgRAT
2021-08-06abuse.chabuse.ch
zgRAT malware samples
zgRAT

There is no Yara-Signature yet.