zgrat | 2b437fdd8ff7e1af87ad1ac8e996380895fd41f2a041cbf53aa14acac66cfa9c | Triage

Submit
Reports

Overview

overview

Static

static

1

DOCUMENTO ...90.vbs

windows7-x64

DOCUMENTO ...90.vbs

windows10-2004-x64

Sharing

General

Target

DOCUMENTO RELACIONADO A LA NOTIFICACION #09290390390.tar.tbz2
Size

10KB
Sample

231101-2kkybadh9t
MD5

5d0c19142dbf6f7db604b322fd40d29f
SHA1

3750259638e9cb541a18ada987d0ebd32a6ef878
SHA256

2b437fdd8ff7e1af87ad1ac8e996380895fd41f2a041cbf53aa14acac66cfa9c
SHA512

0ea5231513205e8fcfdbf13620f3ac143b4c749949d4d0ca6c6eb5237026b99db084ac62e4b364fcfc54239729d3eef6de7d77145e6a100e7c58d4f62b2c3ef7
SSDEEP

192:0W6ILKJaALU6TnPKpYUYNVgwRV8OtnKcTeT+B35Mc0yrh1mXbwyttz9VTJRW6o:cvfU6rSpYdVLF5SEgIYwAz9VPo

Score

10^/10

zgrat rat

Static task

static1

Behavioral task

behavioral1

Sample

DOCUMENTO RELACIONADO A LA NOTIFICACION #09290390390.vbs

Resource

win7-20231020-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

DOCUMENTO RELACIONADO A LA NOTIFICACION #09290390390.vbs

Resource

win10v2004-20231023-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://wallpapercave.com/uwp/uwp4098462.png

exe.dropper

https://wallpapercave.com/uwp/uwp4098462.png

Targets

- Target
  
  DOCUMENTO RELACIONADO A LA NOTIFICACION #09290390390.vbs
- Size
  
  137KB
- MD5
  
  9e021dade8e76b1bb1c22f7861c0f166
- SHA1
  
  cd1b0c48c9c8ffc5b24f432670bc895037a73c34
- SHA256
  
  edd1b6b776691f7310fe174980438b449fbc0120d1ceb46ea4b38ac36f799ddc
- SHA512
  
  8c11ebf919fe395bd381d0eef7364a125157272ee9bef4f0b26ff52a6ad316d37b5b031447db0636328be268b7b6658b906b23adbf700d6320a67b59140d8888
- SSDEEP
  
  1536:F+iOre4Mi3mI2hb7KZ18C2NGkikGkFjGkikGkKEt0eEKU+kCKGWGPrbrbTDDpOAH:fOreBQFJy
Score

10^/10

zgrat rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy