General

  • Target

    Build.exe

  • Size

    1.9MB

  • Sample

    240327-pcfmeaeh4s

  • MD5

    f02f63869b0c3e3f3fa1dde2b72ad422

  • SHA1

    b40e95648bfb3ebbbf097e60dda42cb5ea097225

  • SHA256

    4aa617dbd784205452b72cdd8609e3be978a700abbe844ee5c82464a1ba36f4a

  • SHA512

    79d8b6e8dc3e54b244b6776d8068c5dcb8661dc90ac16b3ecee5843ca2ac34a0376ec2e46dddf24c2276f2083b44e627f722f8fdbbad45a62dfc5764ab863606

  • SSDEEP

    24576:2TbBv5rUyXVsjNx7SBlyCU1yPyNXQZ3QBLTBbbol/xY47W9Hvz51B:IBJs3Xdg3QBLq/7WBvN

Score
10/10

Targets

    • Target

      Build.exe

    Score
    10/10
    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
