Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

C4PROLoader.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    C4PROLoader.exe

  • Size

    13.6MB

  • Sample

    240118-3s617ahccn

  • MD5

    94fea3c3b17c977694855e4ac54c4787

  • SHA1

    9b4ea5bfa334868a26064383be57bd1a5d651337

  • SHA256

    4641f9693582852a6259a184c1a9e07d9d8d7195477e37ae95553864bb4150ab

  • SHA512

    f1c8ada5d0fe80610a8a18028ac06321a35fa9a7ccbfc10ab2b25bb347938cc27af66711ae7312319f2b924213c75f77bc9cc4486c9c65dde9052fee45774183

  • SSDEEP

    393216:fKBYUYZdsuCU6+RNthTG5cWcOifBtwISdL:1+uC6v3G5cWSOI

Score
10/10
zgratevasionpersistencerat

Malware Config

Targets

    • Target

      C4PROLoader.exe

    • Size

      13.6MB

    • MD5

      94fea3c3b17c977694855e4ac54c4787

    • SHA1

      9b4ea5bfa334868a26064383be57bd1a5d651337

    • SHA256

      4641f9693582852a6259a184c1a9e07d9d8d7195477e37ae95553864bb4150ab

    • SHA512

      f1c8ada5d0fe80610a8a18028ac06321a35fa9a7ccbfc10ab2b25bb347938cc27af66711ae7312319f2b924213c75f77bc9cc4486c9c65dde9052fee45774183

    • SSDEEP

      393216:fKBYUYZdsuCU6+RNthTG5cWcOifBtwISdL:1+uC6v3G5cWSOI

    Score
    10/10
    zgratevasionpersistencerat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Creates new service(s)

      persistence

    • Drops file in Drivers directory

    • Stops running service(s)

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks