zgrat | 1681ef0d970bf0e0641504d1d537a3ce646cc4d453cde7c3144eb7989591c13b | Triage

Submit
Reports

Overview

overview

Static

static

3

CapMonster.exe

windows10-2004-x64

Sharing

General

Target

CapMonster.exe
Size

1.8MB
Sample

240319-zsys2agb7w
MD5

11f68698e94bb5583cf0c5126a240988
SHA1

bd8dd0f5480db90c5866b90b07831843877e6636
SHA256

1681ef0d970bf0e0641504d1d537a3ce646cc4d453cde7c3144eb7989591c13b
SHA512

1357d9a8ce860d593c34858f610742de7267b8e811d3c91922dba612b799c32d844c8ac9eb78643b38df1c8086aacb1492d8208d3e3c3cd1b9c0295d86e2164a
SSDEEP

49152:xv7kH+QN512SjABiwtj1+zvT1s4BpyQ396MJfr:x4HZGSjALtohs4zyQ3IMB

Score

10^/10

zgrat rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

CapMonster.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  CapMonster.exe
- Size
  
  1.8MB
- MD5
  
  11f68698e94bb5583cf0c5126a240988
- SHA1
  
  bd8dd0f5480db90c5866b90b07831843877e6636
- SHA256
  
  1681ef0d970bf0e0641504d1d537a3ce646cc4d453cde7c3144eb7989591c13b
- SHA512
  
  1357d9a8ce860d593c34858f610742de7267b8e811d3c91922dba612b799c32d844c8ac9eb78643b38df1c8086aacb1492d8208d3e3c3cd1b9c0295d86e2164a
- SSDEEP
  
  49152:xv7kH+QN512SjABiwtj1+zvT1s4BpyQ396MJfr:x4HZGSjALtohs4zyQ3IMB
Score

10^/10

zgrat rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy