General

  • Target

    de_pago.vbs

  • Size

    365KB

  • Sample

    231013-qb6mwabh36

  • MD5

    704afba666fe88196bb5f506fa065553

  • SHA1

    f30788b8cabe1cda4ef73d97138cc13609b77ffc

  • SHA256

    f1a6af7baca4027b3cab5063c63ae4dfaa89c114d062dd695ba947f796d22cab

  • SHA512

    cfa5d551f0345dfc3609191f8ea891f74d3a884d19d898078d9f6294e40bf6fe9c55268561cc1dfc9d02f7a1b9c48ad47d7bcce7a6b45d4c5e998af1da57f5a8

  • SSDEEP

    6144:Mggggg+eZz1OPzhH2NOgggggogggggZgggggjgggggsggggggr773VhgggggdggV:MgggggvOoNOgggggogggggZgggggjgg2

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

    exe.dropper: https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

    • Target

      de_pago.vbs

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
