zgrat

Sharing

Copy URL Twitter E-mail

General

Target

5fad74cbc62dd1468d580291f6049a89c2bbde83a6ff0c4386ad4cd8e2116092.zip
Size

13.7MB
Sample

240101-ye478agddl
MD5

635aa49efd45271b8615180ed5a89b21
SHA1

9daa042235b825f18bdb8586d0f2ab8a3e7cc70f
SHA256

5fad74cbc62dd1468d580291f6049a89c2bbde83a6ff0c4386ad4cd8e2116092
SHA512

448ebc8ae72fc85b2eefbfbc286d24491a8514f1daad3140ee2fe29c8668514feff15a0d4b365009f90dd03595cf53adafeca18cbe3c8743f68b54f108da6c9f
SSDEEP

393216:WwyJiwcA9+7AcW38a6fZi5t1vHoZW8IxNl:WTJizA9+7AcW3SfZK1gZW8IZ

Score

10^/10

zgrat rat

Malware Config

Targets

- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/AWSSDK.Core.dll
- Size
  
  949KB
- MD5
  
  78a61c6ba040f6cb43e09f849bf00b5f
- SHA1
  
  3325c63428c0e7bcd60d164e05dfa9b1ac86e7ea
- SHA256
  
  69228cbba347610e81a2545c110df090418e18a6110e6c1fe5537cd22e1b8bb3
- SHA512
  
  159a35434e70b5c7bcff8640686956600f90464697fc709ad165856d0835542b15f3ef29a964814dca8ec4b89ddd14083fbf11ffad132d7b3c5e88ab72301bc7
- SSDEEP
  
  12288:V5sfKj6z7Axsqe38+2WqVB6ANLfz2jBkX9LPoj15WV/vJQIBqxUUKjmX:V5syj6rqWLZcLPe15WV6
Score

1^/10
behavioral1 behavioral2
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/AWSSDK.S3.dll
- Size
  
  635KB
- MD5
  
  90926caea4b506b06ef2ddaa0b2d766c
- SHA1
  
  3b1193db0b0e232e650fe0e782eb99a49d488c2b
- SHA256
  
  db8dc95df38281d83802174100635135f5bc8c46f9aa0fee4a6964f78ba301a4
- SHA512
  
  c8f355819d47e89082f998e3cdb661c5cef1a75372215a3bf58b0243fb5e7195face00720fd330aaf9d8e1fe456fc40c8031c94f204a4aafb229212e57603083
- SSDEEP
  
  12288:6rDQ5168YnYs+D1YiAJGN+7EZEUm3QX6csQg:6rbYsAw8Y7EZEUm3og
Score

1^/10
behavioral3 behavioral4
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/AirLiveDrive.exe
- Size
  
  8.1MB
- MD5
  
  05794e1e1be52863a423d9a2c5012eb6
- SHA1
  
  d758c472f09697182c16a626432850746616b078
- SHA256
  
  df2192da5c1bb91f8fb27c6ca931dfd0769e388c581a62f3ed038ad6351179b0
- SHA512
  
  daa4e300f16bf9c7c67c5202734b8802f11848e2fd84f73a913afd0bcadb53c16738ff3f47bbe52e7bd769253a8ae422bbbf53da9087d516f2f202f05943f2a4
- SSDEEP
  
  196608:DORFJK73EFHOup6FCvbCFR6sqxBUNa/gaLJc:/0FuK68v+QTGb9
Score

10^/10

zgrat rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
behavioral5 behavioral6
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/AirLiveDriveShellEx.dll
- Size
  
  24KB
- MD5
  
  803e60b73ad4c4214e85b8bce0070706
- SHA1
  
  1f00c67610eee1dde69669fd24784c4825037f23
- SHA256
  
  c91cfd38be47e4749f5d93f31660cfb6395f472aa7e191d393248972d8888344
- SHA512
  
  3a1a9b65fa4c595b1e63c83de540d60e0be4ef7e0bd375546d17b3f16c9e3ce7967661b995492757ae34c657647821074957e7038ba05e834856776bd88fb730
- SSDEEP
  
  768:0j7zkEXIy8Gd+P+yFMIa4obiRGp9E+nlEy:wj8QAkIajbioQ+nlEy
Score

1^/10
behavioral7 behavioral8
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/BouncyCastle.Crypto.dll
- Size
  
  1.4MB
- MD5
  
  5fd58d5786b83e1053cd408b54447e40
- SHA1
  
  91db4eae554bc8294782960de14ee1942742ac67
- SHA256
  
  62bef0333e8fd3f919b4530c20da14db9e69dde329303be5109b544aa6c496d8
- SHA512
  
  811718e0cc1d25b18b165f033c306cfe61ae7b08770161dad1165dec54762cc61ab726594543c423f4573bed9e5456efcd9182c424dcd927d3e6c0b12a71ceae
- SSDEEP
  
  24576:dxaTTv4o+g+BR9J69Z86e9roAgepdaPcJ4Qx25LXygcP7bA4adkmn3f/QO:dAuBYKk0gLigcP7bA4adkmn3Z
Score

1^/10
behavioral10 behavioral9
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/DokanNet.dll
- Size
  
  63KB
- MD5
  
  88e245e01bba8ef8cacdff3ceee9e2b6
- SHA1
  
  41d6cc2417f7a00a90c6a437e287b877e4d1840e
- SHA256
  
  3a30a4760403036eb655791dd48b64817df714792647067a51a9f316f8ebcbeb
- SHA512
  
  4e94470ae3defbad1b890a35f22a40b5a1c65918a736b22e0604847abc589473ad0b870d986cbe21ab1d5f0f50e6fa6cae960c0a378a185468e2b1a4bc3f1782
- SSDEEP
  
  768:tEqObQjKyQgh2akt6RRojkpxm1gezDui/f6zp9SUstjy7CherTYtMtfiiJmH:qqOb0rh2lt6RBpTez5f6hChJkZJmH
Score

1^/10
behavioral11 behavioral12
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/GalaSoft.MvvmLight.Extras.dll
- Size
  
  21KB
- MD5
  
  43312122af66a3e99cf2f9c597012c22
- SHA1
  
  634d4c39a874eddd4a733c4548c37ffb0d2f467b
- SHA256
  
  8e248e95e6dc65317af9caaf6a43091d5cb75fd1302bae0a49dea821fa21dc8e
- SHA512
  
  2a73b9df94f219a2b8ddf54a7d1b176bb79fbae346ac8b30e3df82cb8c604c681960fd8208d68d30ca66ce4de9f9963b789d3105402d899fd930a4831bee2ee3
- SSDEEP
  
  384:x1ovgfOI8VYPh6+A8V34kAS8e9UnXQUkz+rybx0gWgRJTKkZAlphPyWA1isrH:x1o0pPg+KFS8e9UX5O+raVWgRJTKOShS
Score

1^/10
behavioral13 behavioral14
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/GalaSoft.MvvmLight.dll
- Size
  
  28KB
- MD5
  
  b349a5c9165cbb8663f82c31f9402d35
- SHA1
  
  e8b38649c05408da796e2dc21e699ca8352a059f
- SHA256
  
  60ffbd8a891acbe1adbe79d320806a32ae826575f5218a51379ffc83f03f62a7
- SHA512
  
  377c0c88f0febf3dbb4786ce823aa2cf2b85f55a654d9f3d10a44480a9f9b726a08bb2c03b190473f4f461824ecdcf0feb9af098d4840952a2accbc197e89e6e
- SSDEEP
  
  768:cO12uMd438J2Bd+5onSYEBHyOR+DmHKPrzX7uFL3xLA1n1s6j:b0uM63jv+2nCBFs8FFLA1r
Score

1^/10
behavioral15 behavioral16
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/MahApps.Metro.IconPacks.Core.dll
- Size
  
  18KB
- MD5
  
  dc56116606407faead999337742bbd53
- SHA1
  
  2d6fc0fed1eb7c78e39d5d17f7a547b91765ef2c
- SHA256
  
  2861cb55f24dae53ff82c236eea77206ff493a69dda47de9529cee2f7ae4f083
- SHA512
  
  cb12c1b99f0674cc12335fce7d6c15d85bb1af7a646466868f8598785ce412a2e1c75a3be39b0e278b4cf5e9f632dea1726934984798bfb7e16cde8dfda3f3c6
- SSDEEP
  
  384:p6/yVfAlzJL6e/ZSMOLfAXys/4cATFz6Wd8K39zejo8TH8Bk4oks2l2a6wIYYIHD:BM6e/ZsL43/4ctsIjo8TH8ifFW
Score

1^/10
behavioral17 behavioral18
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/MahApps.Metro.IconPacks.Entypo.dll
- Size
  
  489KB
- MD5
  
  11cdec52f9ba254a6b8cadfbac440c4e
- SHA1
  
  f48616be2465a53fcd683375e0f5f312792d357b
- SHA256
  
  f5f069467b93cf5b6700600fe84e7f7f04ef5cf1490ec1c5170272987afb6d9d
- SHA512
  
  824a658169b27fd462b13b5d00d5f3cc4afbeb86d95ef9c8d30cc7989c7199ce79a254c60a443dd8eb2bee59f098f942f7b74cce085b5ecdbaba8ed90dff45de
- SSDEEP
  
  6144:m/nrP4b71rPwhET9FDsBGZfiqJMUlOv5CuwVpKex7byEZAzftaDi/KAFwrSmfLKk:S5RLLKACX2
Score

1^/10
behavioral19 behavioral20
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/MahApps.Metro.IconPacks.Material.dll
- Size
  
  3.4MB
- MD5
  
  9bdbb38272bfd0518275f6e1605a69c3
- SHA1
  
  ead9abce46d9886dab0d64940f0814e51017a716
- SHA256
  
  4570a47103c15cf97f5792ab7dedfec4078535f0c41fa5007d6f7a19718d946b
- SHA512
  
  4cd6b6f8f9129667af1790ac0ac069b265480ba4cb2e67a80ab1a33d4e3e85aadf8883d9a37d21dfee37d8b46be60927229b74655d28a2c574f43cb62f973046
- SSDEEP
  
  6144:qDI1YXyhDfdr6X0XOAftcyC9gP9q0+wem9ouIq3LjZ6FisfOcrMipkoE8/Snsd4s:N9ddGXCVKL10h
Score

1^/10
behavioral21 behavioral22
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/MahApps.Metro.IconPacks.Modern.dll
- Size
  
  2.3MB
- MD5
  
  9059adf3ccf302cc9f34eba1e073118c
- SHA1
  
  b5a7850f2ea3ddef6573129b3492eb9571708141
- SHA256
  
  a687e83cda2c9cc46efa90f1ea79e97234f5677e4117650f942ceee8871aa837
- SHA512
  
  5ce00a93842830bc5552cfc1b542dfaccdaa8bcc1ecf29cab62e1f388db923f4de395e4b141e297077b4f0c9c1505b9078564dc51568a704dbc5354021410463
- SSDEEP
  
  12288:waEHRMkLA+r2Yw8PBnzPxgBOVYrv0OW3o3PTjrhpihw7A5Nsids/ohdVOXvAeeQw:waEHRV
Score

1^/10
behavioral23 behavioral24
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/MahApps.Metro.IconPacks.dll
- Size
  
  30KB
- MD5
  
  32a1f02afb0f6f744050f927e0fdf09a
- SHA1
  
  d0a9a0afe7d137237eec58226fc93066af374962
- SHA256
  
  a53538bd0cb06bdb33e2569a1faf794f28294e8317be7292ffe7be3eb8013848
- SHA512
  
  ac443497fb6d05434e814de3cb02d789624f1dd5ca4ae57011cfd5d20c041687c93ff7b60829ec7fce9eda36d01207001a824dc3c50b3e37b69e3ace1f0a1af1
- SSDEEP
  
  768:WYQzajN4iyiyCyCyiyiyCyadyGDmSIib:WYQmjOiyiyCyCyiyiyCyCyemSDb
Score

1^/10
behavioral25 behavioral26
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/MahApps.Metro.dll
- Size
  
  1.1MB
- MD5
  
  77fab5515a6c6c50c5e92e3a01346bcc
- SHA1
  
  f820f7d2b34026dd647a9922163d88031a629fe1
- SHA256
  
  25096123a285462554f2deeef2056fb9d3dca8a18c9194a03f85be5f222f7589
- SHA512
  
  537c8efa159fbc00fd4604a9aec40e5df3afebb011a9f6737055b4b1a148dbfbc6c60893a0c0dc3775de1358fc9e531e625b90f936c141aba5cfe39a4d37e431
- SSDEEP
  
  24576:dCcTxF1uBSTfw6B9PGkqp8ZWZk2NWxV/MHUG:dCcTxFpfwWJZWZyxV/5G
Score

1^/10
behavioral27 behavioral28
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/Microsoft.Practices.ServiceLocation.dll
- Size
  
  17KB
- MD5
  
  92a533be83b7fa43a1b18f009a7d450b
- SHA1
  
  e9ac62ebb0643bffb243d889c535a8abcd1ba52a
- SHA256
  
  34005d6a80434542780c6d192e6abd07bea49b2eeb7e43fbfdfe90c2889986e5
- SHA512
  
  b7ae35d9ab96c51b50998b46b8e73ba61bfc01812853c870872a18a3aa986db8a66d3b8e173e1d7dd58097c07b07afb64e5297b4b894b8fa1bf565773856a491
- SSDEEP
  
  384:D0xk42ZtyvslnQyrgbPyIH/rFzs4zwQW+p2W/1S0GftpBjcw4l:gVenwRBzwcTimwe
Score

1^/10
behavioral29 behavioral30
- Target
  
  Air libre Drive 1.8 Portable + libería/AirLiveDrive 1.8 pro portable/Microsoft.WindowsAPICodePack.Shell.dll
- Size
  
  529KB
- MD5
  
  54fe9a2748c4a0f282d4ec91e3cadc16
- SHA1
  
  970b783a697d893ecd4916dd86b5ff7574896c9e
- SHA256
  
  e6fa9d9e34ff3bf63ce782654b14e4b54a3abd1022c87bc099032c2948157672
- SHA512
  
  c7d567e3c039f98f3a99249b2d9bc2186c34efd73eec421331732d2307a8af940911381e27b015f58d0f65871bb4b038cc0f27d3fa495acd08994226bb033b7f
- SSDEEP
  
  6144:KRAFnp++R1yj124hKX97kANqQHlWBwn9dgPan1W86b8c3v6n9c6KwZErn+LYHtA:iApI2D97kANVFWBwn9iPIL9Mwh
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect ZGRat V1

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32