Overview

overview

10

Static

static

3

doc0000000... .exe

windows7-x64

10

doc0000000... .exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    doc00000000000001312200_pdf .exe

  • Size

    46KB

  • Sample

    240123-jrka9ahcg2

  • MD5

    364ee961fab1596a1a852bca0aafb2e8

  • SHA1

    89f95a42f6905da9ac0ee4a5fcaffbd3e5cdc532

  • SHA256

    a5248e350454760fed2b9a33d8016b0d59a8394e692d1e28a0d33e30b3eb0fc2

  • SHA512

    2ab80b91c1d8177d8aff1cccc79dfca8a6ad50b2b556af983f5b9484547b89ce66ac7e446c8d2318a9c8b339f1f6da4f3fbd853e3d5f00347264c65c289437e4

  • SSDEEP

    96:nIzmisq8t08Y6qytdVYbP0C7m0KhJy0MR6b7XW9zNt:IzPu3qy7VemN873

Score
10/10
zgratpersistencerat

Malware Config

Targets

    • Target

      doc00000000000001312200_pdf .exe

    • Size

      46KB

    • MD5

      364ee961fab1596a1a852bca0aafb2e8

    • SHA1

      89f95a42f6905da9ac0ee4a5fcaffbd3e5cdc532

    • SHA256

      a5248e350454760fed2b9a33d8016b0d59a8394e692d1e28a0d33e30b3eb0fc2

    • SHA512

      2ab80b91c1d8177d8aff1cccc79dfca8a6ad50b2b556af983f5b9484547b89ce66ac7e446c8d2318a9c8b339f1f6da4f3fbd853e3d5f00347264c65c289437e4

    • SSDEEP

      96:nIzmisq8t08Y6qytdVYbP0C7m0KhJy0MR6b7XW9zNt:IzPu3qy7VemN873

    Score
    10/10
    zgratpersistencerat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks