General

  • Target

    8aec0333a0b42c6a717c8a2dc6a2ce2b76dc806c6e1a4816cb51af9c5af55731.exe

  • Size

    1.6MB

  • Sample

    240213-dqzrnaga74

  • MD5

    a2546c042f4e31597a83d5d0732d4730

  • SHA1

    214f01f4ef0c65e17fb3a42e43b1315c55c3f0c3

  • SHA256

    8aec0333a0b42c6a717c8a2dc6a2ce2b76dc806c6e1a4816cb51af9c5af55731

  • SHA512

    af5c23994c9a174efd1ac694dbc4aa2649eb8bb795701c8531d4b53d23a7d14ec9b1470b5250429771e8788c6fe7bf77bde549ee0655318777dc9b4ac7213215

  • SSDEEP

    24576:dpvTQJAutjYcQt3icthumBbD73S8GW1VMuAK/vfgGx7Dxeylmwv4SvOnJxKISR:vkqR7CpW1auAufgGFDxeKv/WKV

Score
10/10

Targets

    • Target

      8aec0333a0b42c6a717c8a2dc6a2ce2b76dc806c6e1a4816cb51af9c5af55731.exe

    • Size

      1.6MB

    Score
    10/10
    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Detects executables packed with unregistered version of .NET Reactor

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
