General

  • Target

    a3307a6fe60f5ac371b3574fc09071f7

  • Size

    1.1MB

  • Sample

    240225-h3h2wsfc6y

  • MD5

    a3307a6fe60f5ac371b3574fc09071f7

  • SHA1

    2aec8c36c3d73a07f4a12fe222561e66280fb412

  • SHA256

    e004bb8d2142ede64720018e9691f452a31dd7cb966228665b5b2b2ebe38b9a9

  • SHA512

    3c8125a42740fff87cbc12cae74aed44e4f2cbfb4bd5a0ba534272367790afcee4f60a92ce7f1bba4516e7e7135d315a67b7c156a9f2af316e6808164128498c

  • SSDEEP

    24576:Ivv/Nv+kTipbeEx1QOQ9+dWoLZTjqZ0Y6Yb:Iv9vdTipdxHJNTGZ0PY

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Detect ZGRat V1

    • Modifies WinLogon for persistence

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks