zgrat | f49a368529fcc6e6e9f1bc66b6254bda180d5d80189859d10116c9e5719eba1c | Triage

Submit
Reports

Overview

overview

Static

static

3

New order.exe

windows7-x64

New order.exe

windows10-2004-x64

Sharing

General

Target

New order.exe
Size

2.7MB
Sample

240105-nv5tksagek
MD5

223a5478aa62bccf577bbe240cdd47d6
SHA1

16c678d0837a434783e5d1e6194c5b3d29f2b044
SHA256

f49a368529fcc6e6e9f1bc66b6254bda180d5d80189859d10116c9e5719eba1c
SHA512

96244200041ccf3758d1b0389c8f8738973637cfa79835cadd6ba649b4949e194d7b1a61e9449a9c62bf1915d64db5da609c6cc67d34dc817c3e557d638ebabf
SSDEEP

49152:4pUqG1bx+C/DJLTmxwM0SWUBHtsRnKTzKGold49d:4C/NmDvT8aclm9

Score

10^/10

zgrat persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

New order.exe

Resource

win7-20231215-en

zgrat persistence rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

New order.exe

Resource

win10v2004-20231215-en

zgrat persistence rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  New order.exe
- Size
  
  2.7MB
- MD5
  
  223a5478aa62bccf577bbe240cdd47d6
- SHA1
  
  16c678d0837a434783e5d1e6194c5b3d29f2b044
- SHA256
  
  f49a368529fcc6e6e9f1bc66b6254bda180d5d80189859d10116c9e5719eba1c
- SHA512
  
  96244200041ccf3758d1b0389c8f8738973637cfa79835cadd6ba649b4949e194d7b1a61e9449a9c62bf1915d64db5da609c6cc67d34dc817c3e557d638ebabf
- SSDEEP
  
  49152:4pUqG1bx+C/DJLTmxwM0SWUBHtsRnKTzKGold49d:4C/NmDvT8aclm9
Score

10^/10

zgrat persistence rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratpersistencerat

behavioral2

zgratpersistencerat

© 2018-2024

Terms | Privacy