General

  • Target

    4168406dbd28c5b416f4435e0c40644c.exe

  • Size

    2.3MB

  • Sample

    240203-3yz5tscgc8

  • MD5

    4168406dbd28c5b416f4435e0c40644c

  • SHA1

    a9bd0155ab9bf43fd0fd92ade8e860333cbac098

  • SHA256

    2af462168bad2cb895fdaf9f778fa2021d8e77ba7212f02f3cb3f3ac0f03431d

  • SHA512

    acba52424c66e8998c4642b1cb55ed99f3f53867483640a62f3aa171234ee4e04f4394b2f7eb09944e6fe259866460a9feaeddcb7555d9a3503b545da3ebfc12

  • SSDEEP

    49152:tBXEr/iSw+0VETjpsFjo4HceGVhp3aZRle4WhpjNp8Wb:nULpw+5TT4HOZahe4GNp8S

Targets

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
