zgrat | d7aef37620b6859201152beeb8065afcd6abaff08e7802f091d184b771c6ca67

Analysis

max time kernel
147s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2974c33d71c72bfb8773786d2f5e52b3.exe
Size

7.9MB
MD5

2974c33d71c72bfb8773786d2f5e52b3
SHA1

60fbc450e8fa237fa726e455ed302b3d07230be6
SHA256

d7aef37620b6859201152beeb8065afcd6abaff08e7802f091d184b771c6ca67
SHA512

c43fe6dbd34d131154e078f45778064ac0ee71508db0511907a4e09ebfb5bb47987b9edb0f382b1fd080d6feeaf41ce0eb6af5bb7cf4f7ef2eda112db5226692
SSDEEP

98304:P6GsEi3CVgrqefV75XI48DM+CNEARi4lWbHvj3hAZzyX9teF/AN3R1Q+rT:PjsEiCqB5XlwX0U4lWjvD+ZzyX9OiWS

Score

10^/10

zgrat rat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral2/memory/2708-1-0x0000000000CE0000-0x00000000014CC000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2708	2974c33d71c72bfb8773786d2f5e52b3.exe
2708	2974c33d71c72bfb8773786d2f5e52b3.exe
2708	2974c33d71c72bfb8773786d2f5e52b3.exe
2708	2974c33d71c72bfb8773786d2f5e52b3.exe
2708	2974c33d71c72bfb8773786d2f5e52b3.exe
2708	2974c33d71c72bfb8773786d2f5e52b3.exe
2708	2974c33d71c72bfb8773786d2f5e52b3.exe
2708	2974c33d71c72bfb8773786d2f5e52b3.exe
2708	2974c33d71c72bfb8773786d2f5e52b3.exe
2708	2974c33d71c72bfb8773786d2f5e52b3.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2708	2974c33d71c72bfb8773786d2f5e52b3.exe

C:\Users\Admin\AppData\Local\Temp\2974c33d71c72bfb8773786d2f5e52b3.exe
"C:\Users\Admin\AppData\Local\Temp\2974c33d71c72bfb8773786d2f5e52b3.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2708-1-0x0000000000CE0000-0x00000000014CC000-memory.dmp

Filesize
7.9MB

Download
memory/2708-0-0x0000000074790000-0x0000000074F40000-memory.dmp

Filesize
7.7MB

Download
memory/2708-3-0x0000000005E20000-0x0000000005E21000-memory.dmp

Filesize
4KB

Download
memory/2708-2-0x0000000006090000-0x00000000060A0000-memory.dmp

Filesize
64KB

Download
memory/2708-5-0x0000000005FA0000-0x0000000006032000-memory.dmp

Filesize
584KB

Download
memory/2708-4-0x0000000006650000-0x0000000006BF4000-memory.dmp

Filesize
5.6MB

Download
memory/2708-6-0x00000000060A0000-0x00000000063F4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-9-0x00000000064E0000-0x0000000006501000-memory.dmp

Filesize
132KB

Download
memory/2708-8-0x0000000006510000-0x000000000654C000-memory.dmp

Filesize
240KB

Download
memory/2708-7-0x0000000006480000-0x00000000064CC000-memory.dmp

Filesize
304KB

Download
memory/2708-10-0x0000000007500000-0x0000000007686000-memory.dmp

Filesize
1.5MB

Download
memory/2708-11-0x0000000007940000-0x000000000794A000-memory.dmp

Filesize
40KB

Download
memory/2708-13-0x0000000006090000-0x00000000060A0000-memory.dmp

Filesize
64KB

Download
memory/2708-12-0x0000000009F00000-0x000000000A1D2000-memory.dmp

Filesize
2.8MB

Download
memory/2708-15-0x0000000074790000-0x0000000074F40000-memory.dmp

Filesize
7.7MB

Download
memory/2708-16-0x0000000006090000-0x00000000060A0000-memory.dmp

Filesize
64KB

Download
memory/2708-14-0x000000000C520000-0x000000000C9EC000-memory.dmp

Filesize
4.8MB

Download
memory/2708-17-0x0000000006090000-0x00000000060A0000-memory.dmp

Filesize
64KB

Download
memory/2708-18-0x0000000006090000-0x00000000060A0000-memory.dmp

Filesize
64KB

Download
memory/2708-19-0x0000000006090000-0x00000000060A0000-memory.dmp

Filesize
64KB

Download