zgrat | 185d9ef30cb225a144368be10489a25804d2e8759040975059ff9b7eedd26881 | Triage

Submit
Reports

Overview

overview

Static

static

3

559dbd862c...4e.exe

windows7-x64

559dbd862c...4e.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

559dbd862cb72a817b0703dae3be1e4e
Size

719KB
Sample

231226-fgk81sgbcl
MD5

559dbd862cb72a817b0703dae3be1e4e
SHA1

cfbf19e56bcbd1fab643e84e23d60e31f6594cbd
SHA256

185d9ef30cb225a144368be10489a25804d2e8759040975059ff9b7eedd26881
SHA512

d500093c426346742c16e01b757e058e33f8bde2cd605ce3683894c1148d3362bb06929745ccf2bf0390ede0c0fedcc7cdd09f540398ec54ef31c87f06e2c47f
SSDEEP

12288:vrq0QzbZQVwvGgM7DdvIXxjdohhfIidc5NE2mydpwcXrKSoFCmk9Km6kDsv:jP2bZQVgG37DdvIwcidc5NE2mydpwcX5

Score

10^/10

zgrat rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

559dbd862cb72a817b0703dae3be1e4e.exe

Resource

win7-20231215-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

559dbd862cb72a817b0703dae3be1e4e.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  559dbd862cb72a817b0703dae3be1e4e
- Size
  
  719KB
- MD5
  
  559dbd862cb72a817b0703dae3be1e4e
- SHA1
  
  cfbf19e56bcbd1fab643e84e23d60e31f6594cbd
- SHA256
  
  185d9ef30cb225a144368be10489a25804d2e8759040975059ff9b7eedd26881
- SHA512
  
  d500093c426346742c16e01b757e058e33f8bde2cd605ce3683894c1148d3362bb06929745ccf2bf0390ede0c0fedcc7cdd09f540398ec54ef31c87f06e2c47f
- SSDEEP
  
  12288:vrq0QzbZQVwvGgM7DdvIXxjdohhfIidc5NE2mydpwcXrKSoFCmk9Km6kDsv:jP2bZQVgG37DdvIwcidc5NE2mydpwcX5
Score

10^/10

zgrat rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy