General

  • Target

    comInto.exe

  • Size

    3.1MB

  • Sample

    231102-tnksqagf78

  • MD5

    e843f44cc734d6d16b8036cc89253b38

  • SHA1

    6a37bb19725d637fa206eed6fd6c20ad036bb542

  • SHA256

    e7858b21141b28ca21987ffb49af131f96069b6acd982af4d1b0cc1518c69357

  • SHA512

    1424ff99a0f49597d9f4df2e7ca50f5029acb28580d2700feb438392cff2a6b3af31e61393a987e73433b6b28eed38d6909ee9851943ce26eeaba967ae9e0c27

  • SSDEEP

    98304:6nLk/4hCLefgJpLzdvVzZznT8CqVyij1TlCV0D5:6nOnLefAvLznT8CqVyij1TAV65

Score
10/10

Targets

    • Detect ZGRat V1

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
