General

  • Target

    38b017ab62ecebd7bf019c75536d5b64.bin

  • Size

    720KB

  • Sample

    231029-bqe15sfg69

  • MD5

    84e725e7e389c40698ac9b8d4be98dac

  • SHA1

    4c0eb758069afba10a5af8598acf47ca281aa1d5

  • SHA256

    60b49fdf2298b28500efc97a320a31562af77382526a8a7766fb67a4bb21074c

  • SHA512

    49dce3f5959f7afce0d977b01283c8339ed935c672b682a50fe66a4df998a284a2bcf5350e81b09401677920dbd849c894c9f9ee0509b627162f408a3f1bc0e1

  • SSDEEP

    12288:4GCUU2jXtbSZyYPkMpsrvScLdp/JS277BGriWwcEqqRPGXqD51+11U6j9uQVgjy6:4GCoxbSZyD9rp/JJFGvwcE9aQr+hZtVM

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://uploaddeimagens.com.br/images/004/644/749/original/new_image.jpg?1698084523

    exe.dropper

    https://uploaddeimagens.com.br/images/004/644/749/original/new_image.jpg?1698084523

Targets

    • Target

      cc9e86cdf4406a5fb6f80eba880f08568e86d95b64d087923c219e154d6b6505.xlsx

    • Size

      721KB

    • MD5

      38b017ab62ecebd7bf019c75536d5b64

    • SHA1

      d0bc6e8ac9c8974de6903a1f178278398e957d90

    • SHA256

      cc9e86cdf4406a5fb6f80eba880f08568e86d95b64d087923c219e154d6b6505

    • SHA512

      38a7a95044477b3e316ad80028733618b45bc8ea616eaba05477832158cbaad54aa6f70abe8df3bd4502b7a35b38ae9ae77333ee2aa7485cf97e353fddb636c7

    • SSDEEP

      12288:NBU/RrtZ25DWZv5x+oKC2hCxX4bmi9/GIQHwFKiHzrPSp8YOa:o/Rrt05DAUoGhClJIl5HnSmYOa

    Score
    10/10

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks