zgrat | 150db7e3c65a152c3a056733e8b42451ff22f13b10c6676bf4933d6f4e0797ad | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

PO 803707375.exe

windows7-x64

PO 803707375.exe

windows10-2004-x64

Sharing

General

Target

150db7e3c65a152c3a056733e8b42451ff22f13b10c6676bf4933d6f4e0797ad.img
Size

1.7MB
Sample

240213-c9vrdacd5t
MD5

5e24d6828feef5faaf054185f13aec63
SHA1

56af94995d5336302c86fc492afd3969c4eb33c8
SHA256

150db7e3c65a152c3a056733e8b42451ff22f13b10c6676bf4933d6f4e0797ad
SHA512

783c9e423544cf9bb87efbcdfff97e1c162575cbc49a24bb822855f090c98299023de1a3f7b3462b8148cbdcd296907a7609f6e83fe0e54f3ac07580175af91f
SSDEEP

24576:Lu3lUF+zynY3kq1EP07HlzrGyiXoX/njc+9cRQ38mG:Lu+Y3kqJFzrcoX/njB9cY8

Score

10^/10

zgrat persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PO 803707375.exe

Resource

win7-20231129-en

zgrat persistence rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO 803707375.exe

Resource

win10v2004-20231222-en

zgrat persistence rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  PO 803707375.exe
- Size
  
  1.6MB
- MD5
  
  d76fbdd502935147727b658a1f54606b
- SHA1
  
  5b34d209f664bb04f4a9fa431159cc1e24ccf641
- SHA256
  
  767ba9a305c7ecb8bf1779211e93bd673a8520015e64013f6e43a7ddd355f92f
- SHA512
  
  c460b4706f85507d12b00a878585db4fbdeaca2abe9fe22239c67dbab9e12dbb3b64f212e5d0461b37254ce02bbcdbe0a7b3862155f387baebf3e6ca16f979d2
- SSDEEP
  
  24576:Bu3lUF+zynY3kq1EP07HlzrGyiXoX/njc+9cRQ38mG:Bu+Y3kqJFzrcoX/njB9cY8
Score

10^/10

zgrat persistence rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratpersistencerat

behavioral2

zgratpersistencerat

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.