General

  • Target

    b7625ee5aed7a234f98a5d3d2ce65e30.exe

  • Size

    3.7MB

  • Sample

    231124-sp4fsadb3t

  • MD5

    b7625ee5aed7a234f98a5d3d2ce65e30

  • SHA1

    27c85276c8a8b5644fe6c44408d063cc3cf30db9

  • SHA256

    13caf72860e00c295fda55bb96e743fbb46819ccebf86cd3f32ccb5752a208d6

  • SHA512

    9c25cd54c565b0325570e357b08a03c1a03059335350ba34e6727af05d813b17218c3893d23a2888a36d7ae4971fa2476458e094a4f0742d624eac03db4678f8

  • SSDEEP

    98304:n05Q6mWW2X8ibAOIkGE2JmN49Iy+3fobumosX8SuhC21hNkHv:ZTibAOIkr2Jmm9IH9m9nuhC6NkHv

Score
10/10

Malware Config

Targets

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks