General

  • Target

    8c83e6d58cece941a3a2757261d5040f695399fcbf7c57315cf5fb32e0fab655

  • Size

    1.7MB

  • Sample

    231014-cm5m3abc4x

  • MD5

    a04106176566dd08a9385541b63567a1

  • SHA1

    e4ca0845b31c074abd709882a0ea732a29b01939

  • SHA256

    8c83e6d58cece941a3a2757261d5040f695399fcbf7c57315cf5fb32e0fab655

  • SHA512

    6ff2ad78029b4bec570463492e31a343c5be825033fceef88514e4b8dfa5ef4d90deae3a31de4418c785ef45dd9ff9d7069a62e716ea2103e548894da6e268b3

  • SSDEEP

    24576:rQa+rRep38knZGbO4oFya8ZbRxaiXvnEc3Suvb7sNPwEFfTPCRi4Vz:rZ+rRe3zn4ioa8ZbRMiXO07sNPwERWV

Score
10/10

Targets

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
