General

  • Target

    Nicht bestätigt 200172.crdownload

  • Size

    137KB

  • Sample

    231030-qxxxvsfa63

  • MD5

    c98ad59cd4dbc9b65da06bb61a475b3c

  • SHA1

    13f1c20297babdbc192c0096384f09d304bcb6a0

  • SHA256

    fa1262ddbc3380f866cf3a8d7f0a72e335a9dedcf2c857fde08aae543e2fea78

  • SHA512

    0ccf064b78473ec8caa0cf9dc93371a8ada795474bc1568aefa49061d3f17ea1d5424617b8b7b6bf2bc52676d8cd9e66af3dd39a329c6bc0ab10f68a66acd14f

  • SSDEEP

    1536:F+sxde4Mi3mI2hb7KZ18C2NGkikGkFjGkikGkKEt0eEKU+kCKGWGPrbrbTDDpOAH:PxdeBQFJy

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper
      https://wallpapercave.com/uwp/uwp4098462.png

    exe.dropper
      https://wallpapercave.com/uwp/uwp4098462.png

Targets

    • Target

      Nicht bestätigt 200172.crdownload

    Score
    10/10
    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.
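The file hashes and the dropper URL above are the indicators a responder would actually pivot on. The script below is an added example (not part of the sandbox report and not the sample's own code): it turns those indicators into an IOC set, hashes files on disk against the report's MD5/SHA1/SHA256/SHA512, and matches the dropper URL against proxy log lines. The log format (timestamp, client IP, method, URL, status) and the log lines themselves are constructed for the example; SSDEEP is left out because it needs a non-standard-library module.

```python
"""IOC check built from the indicators listed in this report (added example)."""
import hashlib
import os
from urllib.parse import urlparse

# Indicators copied verbatim from the report above.
HASH_IOCS = {
    "md5": "c98ad59cd4dbc9b65da06bb61a475b3c",
    "sha1": "13f1c20297babdbc192c0096384f09d304bcb6a0",
    "sha256": "fa1262ddbc3380f866cf3a8d7f0a72e335a9dedcf2c857fde08aae543e2fea78",
    "sha512": "0ccf064b78473ec8caa0cf9dc93371a8ada795474bc1568aefa49061d3f17ea1"
              "d5424617b8b7b6bf2bc52676d8cd9e66af3dd39a329c6bc0ab10f68a66acd14f",
}
DROPPER_URL = "https://wallpapercave.com/uwp/uwp4098462.png"


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists over the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_IOCS}


def matches_sample(data: bytes) -> list:
    """Return the names of the digests that equal the report's indicators."""
    digests = hash_bytes(data)
    return [name for name, value in digests.items() if value == HASH_IOCS[name]]


def scan_directory(root: str) -> dict:
    """Hash every regular file under root; return {path: [matched digests]} for hits only."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    matched = matches_sample(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if matched:
                hits[path] = matched
    return hits


def url_matches(url: str) -> bool:
    """True when host (case-insensitive) and path equal the dropper URL.

    The scheme is deliberately ignored so an http:// fetch of the same
    resource is still flagged.
    """
    seen, ioc = urlparse(url), urlparse(DROPPER_URL)
    return seen.netloc.lower() == ioc.netloc.lower() and seen.path == ioc.path


# Constructed proxy log lines for the example (not from the report).
# Format assumed here: <epoch> <client_ip> <method> <url> <status>
SAMPLE_PROXY_LOG = """\
1698660000.123 10.0.0.15 GET https://wallpapercave.com/uwp/uwp4098462.png 200
1698660001.456 10.0.0.15 GET https://example.com/index.html 200
1698660002.789 10.0.0.22 GET http://WALLPAPERCAVE.com/uwp/uwp4098462.png 200
1698660003.000 10.0.0.22 GET https://wallpapercave.com/uwp/other.png 200
"""


def find_dropper_requests(log_text: str) -> list:
    """Return (client_ip, url) for every log line that fetched the dropper URL."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: ignore
        _ts, client, _method, url, _status = parts[:5]
        if url_matches(url):
            hits.append((client, url))
    return hits


if __name__ == "__main__":
    for client, url in find_dropper_requests(SAMPLE_PROXY_LOG):
        print(f"dropper fetch from {client}: {url}")
    for path, matched in scan_directory(".").items():
        print(f"sample match {path}: {', '.join(matched)}")
```

Two of the four constructed log lines match: the exact URL and the same resource fetched over plain http with a differently cased host. The second wallpapercave path is not flagged, because the report only gives this one URL and the host itself is a legitimate wallpaper site; treat other requests to it as a lead to review, not a hit.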

MITRE ATT&CK Enterprise v15

Tasks