Overview

overview

10

Static

static

3

6468ae8449...72.exe

windows7-x64

10

6468ae8449...72.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6468ae8449e80445d3c4f0b673789472

  • Size

    9.1MB

  • Sample

    240118-ekq31acchp

  • MD5

    6468ae8449e80445d3c4f0b673789472

  • SHA1

    760633b121e509b6a5b3e719b01ba9a6f55af242

  • SHA256

    da2af0e7d40676f69d49f5b6ec82eb64f3fd2cd370d736e96440fed6865ee38e

  • SHA512

    af9047a043b71448ff6583ec71c6524799d8718a97c610d9c5d5db79222bb216560c7442302ddf85ccea3a156a034735ff28271a76eb98e382f9313a9c09d7d9

  • SSDEEP

    49152:o6htfsL5dZuUhBr1VmdK6y8z48RoczikkqydkvKsEluo1sp257eFMIyuqq+HbVb9:c

Score
10/10
zgratpersistencerat

Malware Config

Targets

    • Target

      6468ae8449e80445d3c4f0b673789472

    • Size

      9.1MB

    • MD5

      6468ae8449e80445d3c4f0b673789472

    • SHA1

      760633b121e509b6a5b3e719b01ba9a6f55af242

    • SHA256

      da2af0e7d40676f69d49f5b6ec82eb64f3fd2cd370d736e96440fed6865ee38e

    • SHA512

      af9047a043b71448ff6583ec71c6524799d8718a97c610d9c5d5db79222bb216560c7442302ddf85ccea3a156a034735ff28271a76eb98e382f9313a9c09d7d9

    • SSDEEP

      49152:o6htfsL5dZuUhBr1VmdK6y8z48RoczikkqydkvKsEluo1sp257eFMIyuqq+HbVb9:c

    Score
    10/10
    zgratpersistencerat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks