zgrat | 0a7523a33dbf8a15afdcef5a7efbaf4a2ed53706c8b0daad1ad8c69962180566 | Triage

Submit
Reports

Overview

overview

Static

static

1

Orden de C...la.xls

windows7-x64

Orden de C...la.xls

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

Target

Orden de Compra##.xla.xlsx
Size

101KB
Sample

231031-hlxtqabb69
MD5

1024a690a0cdbf2505121b0d14b70125
SHA1

a048b94a8ae9251b61e3348438ff0f3f2c89b33a
SHA256

0a7523a33dbf8a15afdcef5a7efbaf4a2ed53706c8b0daad1ad8c69962180566
SHA512

7ec14256710b048c69bbd0ccb80a5ea9333ad5fe6e106509dcd62885fb15cae3217102633d0006325d7aadd2ba1b974d24e6599ee74f804b9c6805c51e3d1a5a
SSDEEP

1536:lpQDZbuylO9AKt9+CASVnmLIMPXHI8d+xpgFlIoOcbF6KUHJHuJPMIdTd:8Vyy1Kt0GdmBP3I8MgnIPwFtWHIP

Score

10^/10

zgrat rat

Static task

static1

Behavioral task

behavioral1

Sample

Orden de Compra##.xla.xls

Resource

win7-20231023-en

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Orden de Compra##.xla.xls

Resource

win10v2004-20231023-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://imageupload.io/ib/ekWgHWjP3arvUq7_1698166097.jpg

exe.dropper

https://imageupload.io/ib/ekWgHWjP3arvUq7_1698166097.jpg

Targets

- Target
  
  Orden de Compra##.xla.xlsx
- Size
  
  101KB
- MD5
  
  1024a690a0cdbf2505121b0d14b70125
- SHA1
  
  a048b94a8ae9251b61e3348438ff0f3f2c89b33a
- SHA256
  
  0a7523a33dbf8a15afdcef5a7efbaf4a2ed53706c8b0daad1ad8c69962180566
- SHA512
  
  7ec14256710b048c69bbd0ccb80a5ea9333ad5fe6e106509dcd62885fb15cae3217102633d0006325d7aadd2ba1b974d24e6599ee74f804b9c6805c51e3d1a5a
- SSDEEP
  
  1536:lpQDZbuylO9AKt9+CASVnmLIMPXHI8d+xpgFlIoOcbF6KUHJHuJPMIdTd:8Vyy1Kt0GdmBP3I8MgnIPwFtWHIP
Score

10^/10

zgrat rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Blocklisted process makes network request
- Abuses OpenXML format to download file from external location
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy