zgrat | 00ac0b1a194d63f9c35c12764ffb5ba8577c6980cc34d4cf86b486bf046671bd | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

Trojan.Win...nm.exe

windows10-2004-x64

Sharing

General

Target

Trojan.Win32.Znyonm.zip
Size

3.3MB
Sample

231101-2eakdsdh4x
MD5

0ad46ae9f67403df30297de3a0b9fdd4
SHA1

c471d6769c23750eb9cda9a184997bbd5d330551
SHA256

00ac0b1a194d63f9c35c12764ffb5ba8577c6980cc34d4cf86b486bf046671bd
SHA512

3807b92dfa7dd68207c50c4eda8e6b9b0c67cabb0251f8da26ed70e87676d0be3dbefb60375ece8605f63410082cde9876e993f1286a388c712c59146163e67d
SSDEEP

98304:DUzMcoL+bXhUdc1X2ibDkNfYBDIwfiiJ71OlgwB/dv:8f1bXWm17Dk29/J7vEVv

Score

10^/10

zgrat rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Trojan.Win32.Znyonm.exe

Resource

win10v2004-20231020-en

windows10-2004-x64

12 signatures

600 seconds

Malware Config

Targets

- Target
  
  Trojan.Win32.Znyonm.exe
- Size
  
  5.5MB
- MD5
  
  211c3aecddbb97738943a1d9471ba7c2
- SHA1
  
  739cde98ae0761fb6e88fa548af75ea512631655
- SHA256
  
  44083be323ff08f7d4291a4b13a983ba680e3a793db7bd123179378e39d2a31b
- SHA512
  
  bae5ee49ae159167c0eae1dfc815a9039f85e2b4137f43dd6bd0dfa72d9cc82dac9796518bb4abf54e6b9c121c50d53e3eac8f28ab8bd71531a40db47ce253fd
- SSDEEP
  
  98304:ThM4FP72iUsD1nMx7tHcCWQzWXMw5qOzV3Mr7jt4SNnVYm9GkAQ+qvkAKLpLjH9j:tJ1Yu1Mx7tHcdQzMljx3C6SDY/kAQ+rH
Score

10^/10

zgrat rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy