zgrat | ebb20ee3f9c28aa7e7a1fe1cdc8371c56a17f2f17bf8d98139fea30915e2be0f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

ebb20ee3f9c28aa7e7a1fe1cdc8371c56a17f2f17bf8d98139fea30915e2be0f
Size

499KB
Sample

231120-hcjkqseh8t
MD5

68392cd3b6d0900a123e3c474737a068
SHA1

dcf1be955e9c6edc2e840b801173e900fad0bfff
SHA256

ebb20ee3f9c28aa7e7a1fe1cdc8371c56a17f2f17bf8d98139fea30915e2be0f
SHA512

5a1c7c5acccc4fe9488a5b9d87decd1c3986ca5c2a00c2815ad3486a736a6cc4d0a94481375d21f3b60753d7f6b8726b5e3e79e2beb7846963244fa0077d1a07
SSDEEP

12288:sqDRPOurL2/zntKd8TeaqZiKi4ZZTbnTCWSuEfDSjEITXEbbkVKB:PDRP5P2/zMaqZiKdTIuy4obbkVKB

Score

10^/10

zgrat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

ebb20ee3f9c28aa7e7a1fe1cdc8371c56a17f2f17bf8d98139fea30915e2be0f.exe

Resource

win10v2004-20231020-en

zgrat persistence rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  ebb20ee3f9c28aa7e7a1fe1cdc8371c56a17f2f17bf8d98139fea30915e2be0f
- Size
  
  499KB
- MD5
  
  68392cd3b6d0900a123e3c474737a068
- SHA1
  
  dcf1be955e9c6edc2e840b801173e900fad0bfff
- SHA256
  
  ebb20ee3f9c28aa7e7a1fe1cdc8371c56a17f2f17bf8d98139fea30915e2be0f
- SHA512
  
  5a1c7c5acccc4fe9488a5b9d87decd1c3986ca5c2a00c2815ad3486a736a6cc4d0a94481375d21f3b60753d7f6b8726b5e3e79e2beb7846963244fa0077d1a07
- SSDEEP
  
  12288:sqDRPOurL2/zntKd8TeaqZiKi4ZZTbnTCWSuEfDSjEITXEbbkVKB:PDRP5P2/zMaqZiKdTIuy4obbkVKB
Score

10^/10

zgrat persistence rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratpersistencerat

© 2018-2025

Terms | Privacy