Overview

overview

10

Static

static

3

473c2494c7...2e.exe

windows7-x64

10

473c2494c7...2e.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    473c2494c78f335d09d00d927f39922e

  • Size

    826KB

  • Sample

    240106-1hvjasacb4

  • MD5

    473c2494c78f335d09d00d927f39922e

  • SHA1

    c7630a83a5317d773adec0a92f19fcb3ade43f65

  • SHA256

    cb526577476f2abb3d3219bd232e2320caa356dcb93dce21b0b084ffcc9048ac

  • SHA512

    96274bfe63b5aa993bdf26b18332528758d37a615cbe417226e6b5ebd0038e38e9995f875a34ac2f1cc071034ea9b92f00ba9c2ddf22db444ad491ba5792ba32

  • SSDEEP

    24576:PEpe1noj3NYFfGqvpO1mQbZ9AkCLEGEOy1GrF:PEpe1n2udh0Z/3/QR

Score
10/10
zgratpersistencerat

Malware Config

Targets

    • Target

      473c2494c78f335d09d00d927f39922e

    • Size

      826KB

    • MD5

      473c2494c78f335d09d00d927f39922e

    • SHA1

      c7630a83a5317d773adec0a92f19fcb3ade43f65

    • SHA256

      cb526577476f2abb3d3219bd232e2320caa356dcb93dce21b0b084ffcc9048ac

    • SHA512

      96274bfe63b5aa993bdf26b18332528758d37a615cbe417226e6b5ebd0038e38e9995f875a34ac2f1cc071034ea9b92f00ba9c2ddf22db444ad491ba5792ba32

    • SSDEEP

      24576:PEpe1noj3NYFfGqvpO1mQbZ9AkCLEGEOy1GrF:PEpe1n2udh0Z/3/QR

    Score
    10/10
    zgratpersistencerat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks