zgrat

Sharing

Copy URL Twitter E-mail

General

Target

22c14ff12f73599b0a22e54890cb26a95221cdd154ee4c170e7070e2f428386d
Size

2.6MB
Sample

240101-v7njdsehaq
MD5

0fdeb92209861102c8aba91a38607fe5
SHA1

ae7615d9167eec1eb24ea136ce572558c74269b4
SHA256

22c14ff12f73599b0a22e54890cb26a95221cdd154ee4c170e7070e2f428386d
SHA512

93b924fb3faac1e0e4af438e15f280e21e33f7172fe1599bc768f83e23b1d1a762e0b82674a90ab05a2c6242c197cd5a725dffa525a55482fa9fc459c5f3a8b4
SSDEEP

49152:FCYmAArEdWHu6p8qcAiWXFp4Q7+Wg3gsN3fIUX4ohNm/5XhG34AiROokINxq7UMp:F7mAdyu6KqcZWXFpDufvXzU11lwqi7nj

Score

10^/10

zgrat rat

Malware Config

Targets

- Target
  
  Output/AdGuard.Utils.Base.dll
- Size
  
  830KB
- MD5
  
  ff849096a6254b58dd80f1d92cf3bdff
- SHA1
  
  2c1b85623645a90690d272b48c6b1c81cd4041df
- SHA256
  
  0d2237655b5a0c00e2832391f2cdee296162215ef1582b399a9ce3ea74bb6056
- SHA512
  
  c3cad09468585012281e6fd955b25675d13b0d5fd0e69836eeef589d57c40f5595f207e7a672d90a58b3d326a5cbf26fc403e64967f639bbbd8f56f84a370507
- SSDEEP
  
  12288:d899BetIE44TrrB7YWie5iyQ7oGpXxm9ffySFlTqqv:diTf6B8e5iyQ7LW2qv
Score

1^/10
behavioral1 behavioral2
- Target
  
  Output/AdGuard.Utils.dll
- Size
  
  1.7MB
- MD5
  
  6ea4dbfa4e1f9801b943b521916dce01
- SHA1
  
  5be2384411044b7646baad5760da9f25cdb417a2
- SHA256
  
  83bb696aee98039cde9cfa693eec225c9eced63e85f50ad7e26d8be64b3e4aac
- SHA512
  
  a51b59d730989f0d849dc25ab7f62215f33eb27f3048287bc59bfe1e04009cd78a465a667ccc7f657798e534968fdf79e1a64a9c1cfe54184fbb880b73b71a8f
- SSDEEP
  
  24576:PaubZ4QJVOthGR9tyH0qEolOhg/URpcIM8TB+XA0VswF7:zScOeRTvjJh7Z0XAEsW
Score

1^/10
behavioral3 behavioral4
- Target
  
  Output/Adguard.DriverRemovalTool.exe
- Size
  
  387KB
- MD5
  
  983fc2873bff314a11ac9e5d22add155
- SHA1
  
  087c912be09868342e7f598a1de2b358d28e4b75
- SHA256
  
  c7941160af6b756aed451b6d8176e25271444833b2f8932413439eda10aef4ec
- SHA512
  
  b9bf6b0f867b0ab96c1c8aaf50de653187cab3640d48d6cb8aca55f6b5b56058cb6f5189e230b26544fc29b8ff02d907711e30a15e96dc2dea3bf67594d161ee
- SSDEEP
  
  6144:YEwgR09oLrgbiEXETUahrQPrCyTj8ISoMtRQE2z3Dczls:YeLrgVEPhEPrCyTM43IJs
Score

10^/10

zgrat rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
behavioral5 behavioral6
- Target
  
  Output/Adguard.Shared.dll
- Size
  
  362KB
- MD5
  
  86d0f354eae0771f9413c5cd337da45c
- SHA1
  
  db565b00dbfd762fd65b1bfe3996b997ac97d379
- SHA256
  
  8cf23f1d851e4e4e323adf21070a0c3588e30b5ae8b82d040901851f9e12b858
- SHA512
  
  c3d4d3bab3596afc7e3b7835669c51c83c70fe1582d326cfd2b7b44246e7e81cd3fabe92a7c669969dcc89b86bddc8f7272561284ee91f109f518d3ff5fe536e
- SSDEEP
  
  3072:xPor6GvAUp1aLctSJrsZB98a/h4DCXWdtDiE9VZxqOB1bTSyXQppWM24B0rQUCou:NGvPp1iJJYZBuap4gWFAP0rQUCexp7lk
Score

1^/10
behavioral7 behavioral8
- Target
  
  Output/Adguard.UninstallUtility.exe
- Size
  
  596KB
- MD5
  
  72cd1413141e1b7cdc9c009618bfb3d7
- SHA1
  
  3c52bd5a95a0512fb754bd6568672e5e530939fd
- SHA256
  
  c90bf1b1efc56bbac6e07aa86a6597c07439ff911b2adf95bea23baef62daf7b
- SHA512
  
  dab098d9a645b6df8eec02cfa28d10a27cb0e5ce13fa2685891c418a95d9bc06e15cbdc343460dcd8b004055291a44a013a880c367b67e42c241888000505593
- SSDEEP
  
  12288:RaVw3wvq7iucSGueKfH38YZB75IW0eLTNflt3qP+:Rm2wvjcYCfiP+
Score

10^/10

zgrat rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
behavioral10 behavioral9
- Target
  
  Output/Ionic.Zip.dll
- Size
  
  451KB
- MD5
  
  6ded8fcbf5f1d9e422b327ca51625e24
- SHA1
  
  8a1140cebc39f6994eef7e8de4627fb7b72a2dd9
- SHA256
  
  3b3e541682e48f3fd2872f85a06278da2f3e7877ee956da89b90d732a1eaa0bd
- SHA512
  
  bda3a65133b7b1e2765c7d07c7da5103292b3c4c2f0673640428b3e7e8637b11539f06c330ab5d0ba6e2274bd2dcd2c50312be6579e75c4008ff5ae7dae34ce4
- SSDEEP
  
  6144:leSYvQAd10GtSV41OJDsTDDVUMle6ZjxLV/rHo0Oaaz2R9IY:oJBdBS4msNUCe65frHMnz2R9
Score

1^/10
behavioral11 behavioral12
- Target
  
  Output/Microsoft.Deployment.WindowsInstaller.dll
- Size
  
  172KB
- MD5
  
  9cc443b70ea68fb136dd54d6daaeca0e
- SHA1
  
  20abab73d00b4bfc13b57471f41218fa89077949
- SHA256
  
  a1da28cb626cb52661d2d6e0a6fb14b97dca16d88ff755a967b7507d38998c44
- SHA512
  
  2508527543d36d855d6e07a39076a7549d7a8157ee52732e48ccb5617b0c8081797d0a2d5d053ea1aafd8bceaab7c67e3153f06b440a7a7f3e80b04e5e169eef
- SSDEEP
  
  3072:8Y3P0LZuWcqIevIYFvd+BFGR69UgoXafHTWCnfKlRUjW01Ky0:EMiFvmER6joKfzL
Score

1^/10
behavioral13 behavioral14
- Target
  
  Output/NetReg/x64/AdguardNetLib.dll
- Size
  
  198KB
- MD5
  
  0ccc4ff593644b056be88c1f0e3066d7
- SHA1
  
  d842411002ee5f477916bad3c6ce1e6e3eb36647
- SHA256
  
  5bd4b2e08a6f7d27388e059fb023524c573074f44c89c0369b9befe7b128c8a1
- SHA512
  
  efaf8fe7130327c101f762887fa92f72d39685c00e749d39040fd2779afa8a0601f2eb8ac9a8f50c537fe731c3f4b596aa663a9c1607e83d59b6d45f66823858
- SSDEEP
  
  6144:RcXi9chG+7lZTku9ocqDz7eFb5ZrJl9iI:R0kSGmaveXKI
Score

1^/10
behavioral15 behavioral16
- Target
  
  Output/NetReg/x64/AdguardNetReg.exe
- Size
  
  94KB
- MD5
  
  1d8c402bae6fea277ad98cbf3d472ae1
- SHA1
  
  bc8a84b72b48e88eb7007fa247e59801e97b079c
- SHA256
  
  7c2048ce291199d4fc040fbc0f724e29a8bfbd03def0dc6681b3de73d42fb1a1
- SHA512
  
  6ba643b51197c28214ed64f8ce1c38c5de988ea13f08843980591ef980cf820fb0bcd3f87c4da1089598c80a2cc3ef4d5ae21eab9fcc060effefb4e98583c473
- SSDEEP
  
  1536:0C7T+U51dyEy3UbwR44BEiB9LDAceZxS7GE8s8asW4dPDoCQlb+imlp:0WT3ByZ3UER44BD3DAH6f8VPDoC2ii0p
Score

1^/10
behavioral17 behavioral18
- Target
  
  Output/NetReg/x86/AdguardNetLib.dll
- Size
  
  165KB
- MD5
  
  77b9375d5e5efbac17e2034e46f66689
- SHA1
  
  c40a1538899a36a26a50a7a873b2eaa45c935457
- SHA256
  
  42beaa5e0cf8a6c7d13cc55f78bbaf479367835d6435fb424f5e85bd8d328be5
- SHA512
  
  ab461f7ccda0eca813d7edc0bc92079b04ea2ff403508ae0a48f35a9e986b6eeaf44bd6fb09ed4a818c91f80723bc17a09a51102feabe6bb881889ffba2fd240
- SSDEEP
  
  3072:Y8wV68fVWThTSmo5Nbc8tyvsqTP1VUiXhhV/:wfwl2RNnt+rgmhV/
Score

1^/10
behavioral19 behavioral20
- Target
  
  Output/NetReg/x86/AdguardNetReg.exe
- Size
  
  83KB
- MD5
  
  ab94ec9013faf93493628b02a38947f4
- SHA1
  
  f4d0a9b768448e3374d70a345d574ff4a99eb0b1
- SHA256
  
  7cde8b13f380e6ebd2a3e039fdb0c147dcc3e93667069021a7afca9f626300fe
- SHA512
  
  65252d0435f8544ed4a9e2e7dece27feb2bb819e93c6b284312391c65fcdf8aea6e1ea4577905cec209cbbd2fdb08656fdc749359516a3c0d31c23e3144d598e
- SSDEEP
  
  1536:fygysZrXIi3Ji07tVIc8yx1sWjcdghlYSS7KDlx:fygysZzHEyQgvvpDb
Score

1^/10
behavioral21 behavioral22
- Target
  
  Output/Newtonsoft.Json.dll
- Size
  
  647KB
- MD5
  
  5afda7c7d4f7085e744c2e7599279db3
- SHA1
  
  3a833eb7c6be203f16799d7b7ccd8b8c9d439261
- SHA256
  
  f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4
- SHA512
  
  7cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944
- SSDEEP
  
  6144:3o4V9ynqKoxhi0gAsfLBhJJzhGIVrdhoHuLFGAJmKApt5psaLGBFahKGRd67XLEm:LyncxQRhJJzhoqgH5sB4dxHG
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Detect ZGRat V1

Detect ZGRat V1

ZGRat

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24