zgrat | 0520b688648369e393b8f603c33dcc1f138a7a6239025b276824d6dbe9c517fb | Triage

Submit
Reports

Overview

overview

Static

static

3

d09a6cfe8d...8b.exe

windows7-x64

1

d09a6cfe8d...8b.exe

windows10-2004-x64

Sharing

General

Target

d09a6cfe8d762be3b2511a013806b78b
Size

562KB
Sample

240312-ee1egsfg31
MD5

d09a6cfe8d762be3b2511a013806b78b
SHA1

31704d8ff3eb5914ef86e5f2f8421865e1485726
SHA256

0520b688648369e393b8f603c33dcc1f138a7a6239025b276824d6dbe9c517fb
SHA512

74894e9184c2f7b7f45d3d3e6c175ce382b1651023f916b3beabf390cb59913c6f272a0087b8f76f99acac5eafb0d3e7138b113f283ba6a23b460817f91f1766
SSDEEP

6144:QC33M/KJCOQtchbHSENHJ74xtpW9V2fxzIwS625ij6txlznqi+NehaXoDzvdf:QC3jhFJ4fM2VS625w6txlzqDUhamT5

Score

10^/10

zgrat persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d09a6cfe8d762be3b2511a013806b78b.exe

Resource

win7-20240220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

d09a6cfe8d762be3b2511a013806b78b.exe

Resource

win10v2004-20240226-en

zgrat persistence rat

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  d09a6cfe8d762be3b2511a013806b78b
- Size
  
  562KB
- MD5
  
  d09a6cfe8d762be3b2511a013806b78b
- SHA1
  
  31704d8ff3eb5914ef86e5f2f8421865e1485726
- SHA256
  
  0520b688648369e393b8f603c33dcc1f138a7a6239025b276824d6dbe9c517fb
- SHA512
  
  74894e9184c2f7b7f45d3d3e6c175ce382b1651023f916b3beabf390cb59913c6f272a0087b8f76f99acac5eafb0d3e7138b113f283ba6a23b460817f91f1766
- SSDEEP
  
  6144:QC33M/KJCOQtchbHSENHJ74xtpW9V2fxzIwS625ij6txlznqi+NehaXoDzvdf:QC3jhFJ4fM2VS625w6txlzqDUhamT5
Score

10^/10

zgrat persistence rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

zgratpersistencerat

© 2018-2025

Terms | Privacy