zgrat | 23722503bdcc20ab9e6482bb2d3e92e50b13443799f361975bb36a91f0eeb895

General

Target

23722503bdcc20ab9e6482bb2d3e92e50b13443799f361975bb36a91f0eeb895.exe
Size

717KB
MD5

ec88a4c1dcfb3861f6c9c364deeabd94
SHA1

ed0d81e041345ddc9ff9fea8bad197ee1a66fe82
SHA256

23722503bdcc20ab9e6482bb2d3e92e50b13443799f361975bb36a91f0eeb895
SHA512

81f6ed64f54778aa59afbc515dd6a40b5acac397348801dadbddcfdc15711144c3085e08099ba2a28a98055039916ade0e0cde1ea6fcf78b1f5962e8651609a7
SSDEEP

12288:rtHCL6YFXDk8fwYXzlRLf3AM+lsEttF2s9NgztG2Qk/sxJhT:xHq6Y5hRLsGEvF2sOtGkIh

Score

10^/10

zgrat rat

Malware Config

Signatures

Detect ZGRat V1 28 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2556-4-0x0000000000C60000-0x0000000000D04000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-5-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-6-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-8-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-10-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-12-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-14-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-20-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-18-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-22-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-24-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-26-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-28-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-30-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-32-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-34-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-36-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-38-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-40-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-42-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-44-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-46-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-48-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-50-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-52-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-54-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-56-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2556-16-0x0000000000C60000-0x0000000000CFE000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

23722503bdcc20ab9e6482bb2d3e92e50b13443799f361975bb36a91f0eeb895.exe

description pid process

Token: SeDebugPrivilege 2556 23722503bdcc20ab9e6482bb2d3e92e50b13443799f361975bb36a91f0eeb895.exe

description	pid	process
Token: SeDebugPrivilege	2556	23722503bdcc20ab9e6482bb2d3e92e50b13443799f361975bb36a91f0eeb895.exe

C:\Users\Admin\AppData\Local\Temp\23722503bdcc20ab9e6482bb2d3e92e50b13443799f361975bb36a91f0eeb895.exe
"C:\Users\Admin\AppData\Local\Temp\23722503bdcc20ab9e6482bb2d3e92e50b13443799f361975bb36a91f0eeb895.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2556-0-0x00000000011B0000-0x000000000126A000-memory.dmp

Filesize
744KB

Download
memory/2556-1-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/2556-2-0x0000000004AB0000-0x0000000004AF0000-memory.dmp

Filesize
256KB

Download
memory/2556-3-0x0000000000660000-0x0000000000702000-memory.dmp

Filesize
648KB

Download
memory/2556-4-0x0000000000C60000-0x0000000000D04000-memory.dmp

Filesize
656KB

Download
memory/2556-5-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-6-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-8-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-10-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-12-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-14-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-20-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-18-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-22-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-24-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-26-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-28-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-30-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-32-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-34-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-36-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-38-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-40-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-42-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-44-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-46-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-48-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-50-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-52-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-54-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-56-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-16-0x0000000000C60000-0x0000000000CFE000-memory.dmp

Filesize
632KB

Download
memory/2556-58-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/2556-59-0x0000000004AB0000-0x0000000004AF0000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads