General

  • Target

    53CAA7A9A4D652FAF58F633B9B0016B2.exe

  • Size

    4.3MB

  • Sample

    240309-xel6zafg7w

  • MD5

    53caa7a9a4d652faf58f633b9b0016b2

  • SHA1

    09a44b57173f2c69e497defd6d1a184090774d5d

  • SHA256

    51c56e404a2da658dc429d8977bab338b7729aa543df31bbd39dec04c4367c3b

  • SHA512

    0273066f2ccc04617b99961b09168477085f6f6079b8c6c8e90c667ca5679e5f9fbb88e57012073e0145b3199180a7d42a1af31f9376a1595a836d4e4c40c69d

  • SSDEEP

    98304:2sL8OJ0sThJRnua26MlCvfUOUrRAHmqPSXRuHL1rS7MMkFtULmM+Z:18OJnbRuayo3BESG8ShurJFtZZ

Malware Config

Targets

    • Target

      53CAA7A9A4D652FAF58F633B9B0016B2.exe

    • Detect ZGRat V1

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Creates new service(s)

    • Sets service image path in registry

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
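The behaviours flagged above (service creation with an image path written to the registry, files dropped into System32, a dropped executable being run, and a parent process spawning an unexpected child) are the kind of thing that can be hunted for in endpoint telemetry. The following is an added example, not code from the sandbox or from the report page: a small set of heuristics run over constructed Sysmon-style events. The parent process, the dropped file name (svchelper.exe), the service name and the registry writer whitelist are all assumptions chosen for illustration; the report does not name them, and the only identifier taken from the page is the sample's own file name.

```python
"""Toy hunting rules for the sandbox behaviours listed above.

The events below are constructed Sysmon-style records, not telemetry from the
sandbox run. Four heuristics are applied: an Office process spawning a child,
execution of a binary from a user-writable directory, a file created under
System32 by a non-Windows binary, and a service ImagePath value written by
something other than services.exe.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Event:
    """Minimal Sysmon-like event: EID 1 = process create, 11 = file create, 13 = registry value set."""
    eid: int
    image: str         # process performing the action (for EID 1: the parent)
    target: str        # child image (EID 1), file path (EID 11) or registry path (EID 13)
    details: str = ""  # value written (EID 13)


# Assumed allow/deny lists; tune these for the estate you are hunting in.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public)\\", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
WINDOWS_DIR = re.compile(r"^[A-Z]:\\Windows\\", re.I)
SERVICE_IMAGE_PATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)
TRUSTED_SERVICE_WRITERS = {r"c:\windows\system32\services.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(events: List[Event]) -> List[Tuple[str, str, str]]:
    """Return (rule, actor, target) for every heuristic an event trips; one event can trip several."""
    hits = []
    for ev in events:
        if ev.eid == 1:
            if basename(ev.image) in OFFICE_PARENTS:
                hits.append(("unexpected_child_process", ev.image, ev.target))
            if USER_WRITABLE.search(ev.target):
                hits.append(("executes_dropped_exe", ev.image, ev.target))
        elif ev.eid == 11:
            # SCM and installers write to System32 from within C:\Windows; a
            # binary living under a user profile doing so is worth a look.
            if SYSTEM32.match(ev.target) and not WINDOWS_DIR.match(ev.image):
                hits.append(("drops_file_in_system32", ev.image, ev.target))
        elif ev.eid == 13:
            # Legitimate service (re)configuration goes through services.exe.
            if SERVICE_IMAGE_PATH.match(ev.target) and ev.image.lower() not in TRUSTED_SERVICE_WRITERS:
                hits.append(("sets_service_image_path", ev.image, ev.target))
    return hits


# Constructed chain: Word launches the sample from %TEMP%, the sample drops a
# hypothetical helper, which drops a driver into System32 and registers it as
# a service. The last two events are benign noise the rules must ignore.
SAMPLE_EVENTS = [
    Event(1, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
          r"C:\Users\bob\AppData\Local\Temp\53CAA7A9A4D652FAF58F633B9B0016B2.exe"),
    Event(1, r"C:\Users\bob\AppData\Local\Temp\53CAA7A9A4D652FAF58F633B9B0016B2.exe",
          r"C:\Users\bob\AppData\Roaming\svchelper.exe"),
    Event(11, r"C:\Users\bob\AppData\Roaming\svchelper.exe",
          r"C:\Windows\System32\drivers\svchelper.sys"),
    Event(13, r"C:\Users\bob\AppData\Roaming\svchelper.exe",
          r"HKLM\SYSTEM\CurrentControlSet\Services\svchelper\ImagePath",
          r"C:\Windows\System32\drivers\svchelper.sys"),
    Event(13, r"C:\Windows\System32\services.exe",
          r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler\ImagePath",
          r"C:\Windows\System32\spoolsv.exe"),
    Event(1, r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe"),
]


if __name__ == "__main__":
    for rule, actor, target in triage(SAMPLE_EVENTS):
        print(f"{rule:26} {actor}  ->  {target}")
```

Note that "Checks computer location settings" is deliberately not covered: it is a registry read, and Sysmon records value writes (EID 13) but not reads, so that behaviour is only visible in a sandbox or with API-level hooking.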

MITRE ATT&CK Enterprise v15

Tasks