Overview

overview

10

Static

static

3

tmp.exe

windows7-x64

1

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    tmp

  • Size

    2.7MB

  • Sample

    240310-v4vhjahb72

  • MD5

    c45914bb84b2703e5bebe5a16945b168

  • SHA1

    0647b49184a37099e39c43556e8d0244909edef3

  • SHA256

    6d0b474f71319576e3781210487157ee50753f09e2bbe584a65c0b438971c984

  • SHA512

    6de8933a35dfcf99c57b5a37fcebcc5d72eab69b2db78b11af9174acd179edde2d226688ea8d114940a8762e46e8ebec63dbe9bcc4ac20385645c4341d681928

  • SSDEEP

    24576:p2oQPs1XwWHYdSA9CMjBALuxY4OPsW7LQ3IA/6oYESBJ+YavIz+q/pGzxLoO9uWQ:/2sihLjqqY4LWY3ITd9BJ+YaPcNO

Score
10/10
zgratrat

Malware Config

Targets

    • Target

      tmp

    • Size

      2.7MB

    • MD5

      c45914bb84b2703e5bebe5a16945b168

    • SHA1

      0647b49184a37099e39c43556e8d0244909edef3

    • SHA256

      6d0b474f71319576e3781210487157ee50753f09e2bbe584a65c0b438971c984

    • SHA512

      6de8933a35dfcf99c57b5a37fcebcc5d72eab69b2db78b11af9174acd179edde2d226688ea8d114940a8762e46e8ebec63dbe9bcc4ac20385645c4341d681928

    • SSDEEP

      24576:p2oQPs1XwWHYdSA9CMjBALuxY4OPsW7LQ3IA/6oYESBJ+YavIz+q/pGzxLoO9uWQ:/2sihLjqqY4LWY3ITd9BJ+YaPcNO

    Score
    10/10
    zgratrat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Downloads MZ/PE file

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks