General

  • Target

    ghghgfhgfh.exe

  • Size

    666KB

  • Sample

    240311-p1lhkafc32

  • MD5

    d8cec9abef1a3d395031b4528a39203f

  • SHA1

    4a0603a98dd87ea78acb3b90613f1b9cc7c5e7f3

  • SHA256

    14b67f3273192e061b04c05bb81aea8794f58a856b762006fb2359f55230327c

  • SHA512

    7106cc6f72cf54f368fc6052f6043024c6cff6711efdadf4bc696889cecb950f31f1c3b6caebb07bf4be605885d3aa0509078d20e705c698dd2f81b6cc31634c

  • SSDEEP

    12288:OPjMEqtt7uY2R7e9Q6bfCo8VZAr671FAAb7qNf72wkfuXdwuKhS5Ec7sTxKR9gVq:yqtt7zRpbfCo8VZK671FAOqNf725futL

Score
10/10

Targets

    Score
    10/10
    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
