General

  • Target

    O.C. 7700 y 7723.xlam

  • Size

    597KB

  • Sample

    231013-ngpv7sag24

  • MD5

    a1fa479571db8f9ca06734676a829798

  • SHA1

    414fd1f470e2e8dca4762167df08b82759771581

  • SHA256

    7649bc087bdc600da54264992449bc0f5fe98763f88de12cc573d7676b3b9907

  • SHA512

    a75e240e2e98198b1e4c95c2e245c8a2f345ca8c2733b7ea542be0027e0b5165c0eeea246a23662c6b03288384548836fb5407cd6946d0bb391ee586d4954eff

  • SSDEEP

    12288:XeNEoTz1ZYcVmdN+M4scLPW0NnFKUxy9ymypWPptUkj9R/O8oU/B:ONEo/HVmdNQxW8n0Uxy9rysRZ/B

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks