zgrat | 23ecba0be777d9b7a5683d0939d9ae17c4427c46e51ff959e91785d83c60efd1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Voice.ai-D...b7.exe

windows7-x64

Voice.ai-D...b7.exe

windows10-2004-x64

Resubmissions

01/11/2023, 15:11

231101-sky1haab5w 7

31/10/2023, 15:15

231031-sndtqsac5x 10

Sharing

General

Target

Voice.ai-Downloader-alphaver-9a8076101605478c95f602b0ba1e61b7.exe
Size

476KB
Sample

231031-sndtqsac5x
MD5

b8162dccc95c2ed40a3fd946dd127242
SHA1

27899142d055dcce7ad3288028c8e3187421275c
SHA256

23ecba0be777d9b7a5683d0939d9ae17c4427c46e51ff959e91785d83c60efd1
SHA512

51eef114974531407df6e04af725855293db7e5bdd2e311af5b14dcbef70de9759ae00fa1c17bb72351697fb8d8cf163a1072e957430d33ca90dffeadf0eefbb
SSDEEP

3072:AkBGWOsTIJgIDU5A/cto68pMABlZQ2wpFD0ravSGKBUGYDxJ0y5t8:A1ssjn5Mp2w7g+VKvSA

Score

10^/10

zgrat discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Voice.ai-Downloader-alphaver-9a8076101605478c95f602b0ba1e61b7.exe

Resource

win7-20231023-en

zgrat discovery persistence rat

windows7-x64

21 signatures

300 seconds

Behavioral task

behavioral2

Sample

Voice.ai-Downloader-alphaver-9a8076101605478c95f602b0ba1e61b7.exe

Resource

win10v2004-20231023-en

zgrat discovery persistence rat

windows10-2004-x64

28 signatures

300 seconds

Malware Config

Targets

- Target
  
  Voice.ai-Downloader-alphaver-9a8076101605478c95f602b0ba1e61b7.exe
- Size
  
  476KB
- MD5
  
  b8162dccc95c2ed40a3fd946dd127242
- SHA1
  
  27899142d055dcce7ad3288028c8e3187421275c
- SHA256
  
  23ecba0be777d9b7a5683d0939d9ae17c4427c46e51ff959e91785d83c60efd1
- SHA512
  
  51eef114974531407df6e04af725855293db7e5bdd2e311af5b14dcbef70de9759ae00fa1c17bb72351697fb8d8cf163a1072e957430d33ca90dffeadf0eefbb
- SSDEEP
  
  3072:AkBGWOsTIJgIDU5A/cto68pMABlZQ2wpFD0ravSGKBUGYDxJ0y5t8:A1ssjn5Mp2w7g+VKvSA
Score

10^/10

zgrat discovery persistence rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratdiscoverypersistencerat

behavioral2

zgratdiscoverypersistencerat

© 2018-2025

Terms | Privacy