zgrat | 81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878 | Triage

Submit
Reports

Overview

overview

Static

static

81b6bfa7d9...78.exe

windows7-x64

81b6bfa7d9...78.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
Size

3.6MB
Sample

240312-dcm6psgb53
MD5

0bf1924b9798aca8209bd09c8b9bfa91
SHA1

73822b5c501c392c71ab5433ac7a4aa0621705f9
SHA256

81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878
SHA512

cecdc8b1bf30d84a79ad85517e7007f8cb27e60524e295a58a862408d176ec0050dd7f6ed04b761208451c0f834c2f8644d542572c2268d4afd70f184d36d3a5
SSDEEP

49152:9vCcUyqT2muamcOcQFCLao+7oZO106h4YL6YmKl/DwiQx8kVBfsiZPJNtW9:9qaqTj5mcOcQF6aBl3nSyiy9

Score

10^/10

zgrat rat

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe

Resource

win7-20240221-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
- Size
  
  3.6MB
- MD5
  
  0bf1924b9798aca8209bd09c8b9bfa91
- SHA1
  
  73822b5c501c392c71ab5433ac7a4aa0621705f9
- SHA256
  
  81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878
- SHA512
  
  cecdc8b1bf30d84a79ad85517e7007f8cb27e60524e295a58a862408d176ec0050dd7f6ed04b761208451c0f834c2f8644d542572c2268d4afd70f184d36d3a5
- SSDEEP
  
  49152:9vCcUyqT2muamcOcQFCLao+7oZO106h4YL6YmKl/DwiQx8kVBfsiZPJNtW9:9qaqTj5mcOcQF6aBl3nSyiy9
Score

10^/10

zgrat rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Detects executables packed with unregistered version of .NET Reactor
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy