zgrat | f980b2377c9cd2ff4415608fff97031062be1788bfd981ae55f9e92c4985ada4

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bb445595d0ba608445d99f434c82c4b.exe
Size

772KB
MD5

1bb445595d0ba608445d99f434c82c4b
SHA1

359a1462d1f386d7147d1d2211f740722932a9be
SHA256

f980b2377c9cd2ff4415608fff97031062be1788bfd981ae55f9e92c4985ada4
SHA512

6805cfcf3c1600a270b637610219e2b975672a460ca6c88117a9f52c998e88a120a768a8d981adeb9f8512931ae90a7e34c2a157b880697e8f486e0507b552f5
SSDEEP

12288:FZRc9ADPMIN1nNyZQoJmyB0jxPeb2kdpkiss8LXAoz6JE0Yg6XyQLV8D:FzaINut4yB0FOdssMXAw6jYg6CQLVu

Score

10^/10

zgrat rat

Malware Config

Signatures

Detect ZGRat V1 31 IoCs

resource	yara_rule
behavioral1/memory/2880-6-0x0000000005CF0000-0x0000000005D6E000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-7-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-8-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-10-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-12-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-16-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-14-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-22-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-20-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-18-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-26-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-24-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-32-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-30-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-28-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-38-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-36-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-34-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-42-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-44-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-40-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-46-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-48-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-52-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-50-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-58-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-56-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-54-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-64-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-62-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1
behavioral1/memory/2880-60-0x0000000005CF0000-0x0000000005D68000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2880	1bb445595d0ba608445d99f434c82c4b.exe

C:\Users\Admin\AppData\Local\Temp\1bb445595d0ba608445d99f434c82c4b.exe
"C:\Users\Admin\AppData\Local\Temp\1bb445595d0ba608445d99f434c82c4b.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2880-0-0x0000000000130000-0x00000000001F6000-memory.dmp

Filesize
792KB

Download
memory/2880-1-0x0000000074230000-0x000000007491E000-memory.dmp

Filesize
6.9MB

Download
memory/2880-2-0x0000000004EA0000-0x0000000004EE0000-memory.dmp

Filesize
256KB

Download
memory/2880-3-0x0000000074230000-0x000000007491E000-memory.dmp

Filesize
6.9MB

Download
memory/2880-5-0x0000000004FE0000-0x0000000005066000-memory.dmp

Filesize
536KB

Download
memory/2880-4-0x0000000004EA0000-0x0000000004EE0000-memory.dmp

Filesize
256KB

Download
memory/2880-6-0x0000000005CF0000-0x0000000005D6E000-memory.dmp

Filesize
504KB

Download
memory/2880-7-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-8-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-10-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-12-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-16-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-14-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-22-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-20-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-18-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-26-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-24-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-32-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-30-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-28-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-38-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-36-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-34-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-42-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-44-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-40-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-46-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-48-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-52-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-50-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-58-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-56-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-54-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-64-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-62-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-60-0x0000000005CF0000-0x0000000005D68000-memory.dmp

Filesize
480KB

Download
memory/2880-66-0x0000000004EA0000-0x0000000004EE0000-memory.dmp

Filesize
256KB

Download
memory/2880-67-0x0000000004EA0000-0x0000000004EE0000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads