General

  • Target

    CC1924E912C7C31C5C9B18C9C62E9618.exe

  • Size

    47KB

  • Sample

    240127-qs3bsadah2

  • MD5

    cc1924e912c7c31c5c9b18c9c62e9618

  • SHA1

    bf2868fc126c1824a89184e661749b4bb2e17480

  • SHA256

    d75c9d4be8e7c01012b95bcd0378a9540333b9deceb56904af353d9a53344cc7

  • SHA512

    fb3552885c4ce2de870691d47a6e26fc16da1c4f6b05145724cb5bf131684fa34324d9fe08ce20c9b11611f5807609896b0b8504039a36a4a5f0a519d663d344

  • SSDEEP

    768:NMqeds3Wzo/TYoAUwhyx95UjKwAIT2ZCbseTL2KxT85mQ5xDDJ:NMLK3Xso0c75Uvt8CbsSL9xoFDJ

Score
10/10

Targets

    • Target

      CC1924E912C7C31C5C9B18C9C62E9618.exe

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
