Overview

overview

10

Static

static

10

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    6.2MB

  • Sample

    240112-wbp8sacfgk

  • MD5

    a69e9fba99f717cb811554e1985f45c2

  • SHA1

    f8057be04f9e0a00a53a6b5fc66e43345592668f

  • SHA256

    14b900286ac776a901ff3beb49507b83cb7902276d51c011360f837669ba7a66

  • SHA512

    9016deaf6dffd6e03339416a0d11437bc64d53495f952268fc4b0b9d0a39d3f8faf0d57c8cf9dd3ac95f5ff52cb4daf38d2b7a26bf278bed90efbfaf410e9103

  • SSDEEP

    98304:Du8DZiccE2uEwXDiPz9G2rYIDujbOW9acwIxcGieIxcGiP:D1mEUuWbQ2VOawgpGNpGI

Score
10/10
zgratrat

Malware Config

Targets

    • Target

      file.exe

    • Size

      6.2MB

    • MD5

      a69e9fba99f717cb811554e1985f45c2

    • SHA1

      f8057be04f9e0a00a53a6b5fc66e43345592668f

    • SHA256

      14b900286ac776a901ff3beb49507b83cb7902276d51c011360f837669ba7a66

    • SHA512

      9016deaf6dffd6e03339416a0d11437bc64d53495f952268fc4b0b9d0a39d3f8faf0d57c8cf9dd3ac95f5ff52cb4daf38d2b7a26bf278bed90efbfaf410e9103

    • SSDEEP

      98304:Du8DZiccE2uEwXDiPz9G2rYIDujbOW9acwIxcGieIxcGiP:D1mEUuWbQ2VOawgpGNpGI

    Score
    10/10
    zgratrat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks