zgrat | 1d5550a21ad07ce2b2916954ed7951a80907aec0a0600a7566f9af51d0ee05ea | Triage

Submit
Reports

Overview

overview

Static

static

1

RO-exec fr....0.rar

windows10-2004-x64

RO-exec fr....0.rar

windows11-21h2-x64

7

Sharing

General

Target

RO-exec free remake v2.0.rar
Size

2.3MB
Sample

240328-wmfhqadd26
MD5

6c9773de202cfd6bcafdbb2fc8f081b8
SHA1

d2a470f21d6e50499179ce5ee711db8b2ab3ce34
SHA256

1d5550a21ad07ce2b2916954ed7951a80907aec0a0600a7566f9af51d0ee05ea
SHA512

7904791097af7f413ef957ec226fd9561b0da50d2b67e2da27b487e423c35cf4bf975dae300a13e016ffde166eba47805fffb411370147916769ba3208e69c65
SSDEEP

49152:IzPBa6jIVq9I02Wwv5mxGOqfadevtu3k2WLrwLyZMkdi43rr7s:2B49HWcYdwade1ek2WeyZMQiojs

Score

10^/10

zgrat evasion persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

RO-exec free remake v2.0.rar

Resource

win10v2004-20240226-en

zgrat evasion persistence rat

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

RO-exec free remake v2.0.rar

Resource

win11-20240221-en

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  RO-exec free remake v2.0.rar
- Size
  
  2.3MB
- MD5
  
  6c9773de202cfd6bcafdbb2fc8f081b8
- SHA1
  
  d2a470f21d6e50499179ce5ee711db8b2ab3ce34
- SHA256
  
  1d5550a21ad07ce2b2916954ed7951a80907aec0a0600a7566f9af51d0ee05ea
- SHA512
  
  7904791097af7f413ef957ec226fd9561b0da50d2b67e2da27b487e423c35cf4bf975dae300a13e016ffde166eba47805fffb411370147916769ba3208e69c65
- SSDEEP
  
  49152:IzPBa6jIVq9I02Wwv5mxGOqfadevtu3k2WLrwLyZMkdi43rr7s:2B49HWcYdwade1ek2WeyZMQiojs
Score

10^/10

zgrat evasion persistence rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Creates new service(s)
  persistence
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

zgratevasionpersistencerat

behavioral2

© 2018-2024

Terms | Privacy