zgrat | 17d2d7a34d73f7c0f2d2cafb81b6ba1cdf8650128e4f4e16b235ee91c055f8ec

Analysis

max time kernel
129s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-03-2024 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17d2d7a34d73f7c0f2d2cafb81b6ba1cdf8650128e4f4e16b235ee91c055f8ec.exe
Size

420KB
MD5

f7df4504c2f86d6fecbb5b29e5d9fa50
SHA1

47ce06baa2697338c999c935cbcb26da87b5c5a1
SHA256

17d2d7a34d73f7c0f2d2cafb81b6ba1cdf8650128e4f4e16b235ee91c055f8ec
SHA512

963916199c71b20edb4379e86234cc2b62fa37aca9c0627ce804314118d080b39d1c51845c9b3ef6e0af7373198c76c58c394e5e59a897c5dbba4d5fd53c7a0f
SSDEEP

12288:5mAhS1SIgASSpx5p32doxi8JQx6y5CKLUUQhdKOZPx2u:0AhxAJpxj3RX8hxjtOB4

Score

10^/10

zgrat rat

Malware Config

Signatures

Detect ZGRat V1 34 IoCs

resource	yara_rule
behavioral1/memory/2836-2-0x0000000001010000-0x00000000010E6000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-11-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-21-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-33-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-45-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-57-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-67-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-65-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-63-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-61-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-59-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-55-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-53-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-51-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-49-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-47-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-43-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-41-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-39-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-37-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-35-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-31-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-29-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-27-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-25-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-23-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-19-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-17-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-15-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-13-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-9-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-7-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-5-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2836-4-0x0000000001010000-0x00000000010E0000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

C:\Users\Admin\AppData\Local\Temp\17d2d7a34d73f7c0f2d2cafb81b6ba1cdf8650128e4f4e16b235ee91c055f8ec.exe
"C:\Users\Admin\AppData\Local\Temp\17d2d7a34d73f7c0f2d2cafb81b6ba1cdf8650128e4f4e16b235ee91c055f8ec.exe"
1⤵
PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2836-0-0x00000000010F0000-0x0000000001160000-memory.dmp

Filesize
448KB

Download
memory/2836-1-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp

Filesize
9.9MB

Download
memory/2836-3-0x000000001AD50000-0x000000001ADD0000-memory.dmp

Filesize
512KB

Download
memory/2836-2-0x0000000001010000-0x00000000010E6000-memory.dmp

Filesize
856KB

Download
memory/2836-11-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-21-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-33-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-45-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-57-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-67-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-65-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-63-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-61-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-59-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-55-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-53-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-51-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-49-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-47-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-43-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-41-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-39-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-37-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-35-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-31-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-29-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-27-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-25-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-23-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-19-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-17-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-15-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-13-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-9-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-7-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-5-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-4-0x0000000001010000-0x00000000010E0000-memory.dmp

Filesize
832KB

Download
memory/2836-6076-0x000000001AD50000-0x000000001ADD0000-memory.dmp

Filesize
512KB

Download
memory/2836-6077-0x000000001AD50000-0x000000001ADD0000-memory.dmp

Filesize
512KB

Download
memory/2836-6078-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp

Filesize
9.9MB

Download
memory/2836-6079-0x000000001AD50000-0x000000001ADD0000-memory.dmp

Filesize
512KB

Download
memory/2836-6080-0x000000001AD50000-0x000000001ADD0000-memory.dmp

Filesize
512KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads