zgrat | a024f189799cced8d2b2b164f4cc73b0eb9e12784bc977f182175bb61c17a171

Analysis

max time kernel
24s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42faa54ab4183e9497c243e7543ac16f.exe
Size

371KB
MD5

42faa54ab4183e9497c243e7543ac16f
SHA1

89ac1eb6b7cf5e3c71966f9891b97e21a078f101
SHA256

a024f189799cced8d2b2b164f4cc73b0eb9e12784bc977f182175bb61c17a171
SHA512

8c4befdff6d72f78ef3fd0eaac34f9933bebd276f0d05863b301bc8199461ff6d7cd2ecf6eba7e1d4f1b1023613f164104c072effada5ced4a00138dbee481da
SSDEEP

6144:lTuY1NjS3LlNGyYePTDtVjSIbU2oCs8jvHtM/fifUfglQkg74PSn04ThflRHf2VF:lTVS3LloEPTDtYsZ3jPMiMga9OS04TrS

Score

10^/10

zgrat rat

Malware Config

Signatures

Detect ZGRat V1 35 IoCs

resource	yara_rule
behavioral2/memory/1568-8-0x00000000078A0000-0x0000000007914000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-16-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-38-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-58-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-72-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-70-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-68-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-66-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-64-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-62-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-60-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-56-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-54-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-52-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-50-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-48-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-46-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-44-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-42-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-40-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-36-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-34-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-32-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-30-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-28-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-26-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-24-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-22-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-20-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-18-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-14-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-12-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-10-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1568-9-0x00000000078A0000-0x000000000790F000-memory.dmp	family_zgrat_v1
behavioral2/memory/1516-2375-0x0000000000400000-0x000000000042C000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1568	42faa54ab4183e9497c243e7543ac16f.exe

C:\Users\Admin\AppData\Local\Temp\42faa54ab4183e9497c243e7543ac16f.exe
"C:\Users\Admin\AppData\Local\Temp\42faa54ab4183e9497c243e7543ac16f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1568
- C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
  C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
  2⤵
  PID:3960
- C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
  C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
  2⤵
  PID:1516
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\_Ayynslcijttpsmyqcwsffl.vbs"
  2⤵
  PID:1860

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionPath C:\,'C:\Users\Admin\AppData\Roaming\dagke.exe'
1⤵
PID:4932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1516-2376-0x0000000005070000-0x000000000510C000-memory.dmp

Filesize
624KB

Download
memory/1516-2429-0x0000000005130000-0x0000000005140000-memory.dmp

Filesize
64KB

Download
memory/1516-2428-0x0000000074BA0000-0x0000000075350000-memory.dmp

Filesize
7.7MB

Download
memory/1516-2375-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1516-2378-0x0000000074BA0000-0x0000000075350000-memory.dmp

Filesize
7.7MB

Download
memory/1516-2379-0x0000000005130000-0x0000000005140000-memory.dmp

Filesize
64KB

Download
memory/1568-10-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-4-0x00000000058E0000-0x00000000058F0000-memory.dmp

Filesize
64KB

Download
memory/1568-16-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-38-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-58-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-72-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-70-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-68-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-66-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-64-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-62-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-60-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-56-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-54-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-52-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-50-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-328-0x0000000074BA0000-0x0000000075350000-memory.dmp

Filesize
7.7MB

Download
memory/1568-48-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-46-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-44-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-42-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-40-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-36-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-34-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-32-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-30-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-28-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-26-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-24-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-22-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-20-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-18-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-14-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-12-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-0-0x0000000000E90000-0x0000000000EF4000-memory.dmp

Filesize
400KB

Download
memory/1568-9-0x00000000078A0000-0x000000000790F000-memory.dmp

Filesize
444KB

Download
memory/1568-1781-0x00000000058E0000-0x00000000058F0000-memory.dmp

Filesize
64KB

Download
memory/1568-1-0x0000000074BA0000-0x0000000075350000-memory.dmp

Filesize
7.7MB

Download
memory/1568-8-0x00000000078A0000-0x0000000007914000-memory.dmp

Filesize
464KB

Download
memory/1568-7-0x00000000075C0000-0x0000000007636000-memory.dmp

Filesize
472KB

Download
memory/1568-3-0x0000000005900000-0x0000000005992000-memory.dmp

Filesize
584KB

Download
memory/1568-6-0x00000000074E0000-0x0000000007538000-memory.dmp

Filesize
352KB

Download
memory/1568-2361-0x0000000007950000-0x000000000796E000-memory.dmp

Filesize
120KB

Download
memory/1568-2377-0x0000000074BA0000-0x0000000075350000-memory.dmp

Filesize
7.7MB

Download
memory/1568-5-0x00000000059A0000-0x00000000059AA000-memory.dmp

Filesize
40KB

Download
memory/1568-2-0x0000000005F90000-0x0000000006534000-memory.dmp

Filesize
5.6MB

Download
memory/4932-2381-0x0000000074BA0000-0x0000000075350000-memory.dmp

Filesize
7.7MB

Download
memory/4932-2427-0x0000000074BA0000-0x0000000075350000-memory.dmp

Filesize
7.7MB

Download
memory/4932-2382-0x0000000004CD0000-0x0000000004CE0000-memory.dmp

Filesize
64KB

Download
memory/4932-2418-0x0000000007450000-0x000000000745A000-memory.dmp

Filesize
40KB

Download
memory/4932-2380-0x00000000027B0000-0x00000000027E6000-memory.dmp

Filesize
216KB

Download
memory/4932-2398-0x00000000060C0000-0x00000000060DE000-memory.dmp

Filesize
120KB

Download
memory/4932-2397-0x0000000005C20000-0x0000000005F74000-memory.dmp

Filesize
3.3MB

Download
memory/4932-2388-0x0000000005A80000-0x0000000005AE6000-memory.dmp

Filesize
408KB

Download
memory/4932-2385-0x0000000005940000-0x0000000005962000-memory.dmp

Filesize
136KB

Download
memory/4932-2401-0x00000000072A0000-0x00000000072D2000-memory.dmp

Filesize
200KB

Download
memory/4932-2416-0x0000000007A30000-0x00000000080AA000-memory.dmp

Filesize
6.5MB

Download
memory/4932-2414-0x0000000004CD0000-0x0000000004CE0000-memory.dmp

Filesize
64KB

Download
memory/4932-2422-0x0000000007630000-0x0000000007644000-memory.dmp

Filesize
80KB

Download
memory/4932-2417-0x00000000073F0000-0x000000000740A000-memory.dmp

Filesize
104KB

Download
memory/4932-2420-0x00000000075F0000-0x0000000007601000-memory.dmp

Filesize
68KB

Download
memory/4932-2415-0x00000000072E0000-0x0000000007383000-memory.dmp

Filesize
652KB

Download
memory/4932-2419-0x0000000007680000-0x0000000007716000-memory.dmp

Filesize
600KB

Download
memory/4932-2412-0x00000000066A0000-0x00000000066BE000-memory.dmp

Filesize
120KB

Download
memory/4932-2399-0x0000000006100000-0x000000000614C000-memory.dmp

Filesize
304KB

Download
memory/4932-2402-0x00000000709A0000-0x00000000709EC000-memory.dmp

Filesize
304KB

Download
memory/4932-2400-0x000000007FC70000-0x000000007FC80000-memory.dmp

Filesize
64KB

Download
memory/4932-2421-0x0000000007620000-0x000000000762E000-memory.dmp

Filesize
56KB

Download
memory/4932-2423-0x0000000007740000-0x000000000775A000-memory.dmp

Filesize
104KB

Download
memory/4932-2424-0x0000000007670000-0x0000000007678000-memory.dmp

Filesize
32KB

Download
memory/4932-2384-0x0000000005310000-0x0000000005938000-memory.dmp

Filesize
6.2MB

Download
memory/4932-2386-0x0000000005A10000-0x0000000005A76000-memory.dmp

Filesize
408KB

Download
memory/4932-2383-0x0000000004CD0000-0x0000000004CE0000-memory.dmp

Filesize
64KB

Download
memory/4932-2413-0x0000000004CD0000-0x0000000004CE0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads