Overview

overview

10

Static

static

3

garits.exe

windows7-x64

10

garits.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    garits.exe

  • Size

    854KB

  • Sample

    240406-pkzegsab5s

  • MD5

    9dab7bdadcab9c6bf91272fb7931787c

  • SHA1

    5f1d9471c50e40cf5279a1fade18b93c1d80839c

  • SHA256

    d3caae4b8590d11875173d4500b553816949c55042ed95c3c0a5327fc8d7e3f5

  • SHA512

    c9565b213b2d872d5032bbc403be4d975d134261c3a82cb429960ff4ea33930fad08bc8effb7b8bce176b9c25be8deb3113c8e25879923a9e4862218517f3a03

  • SSDEEP

    12288:IcvCS1ED+vJf54ixpwnhc29JPFrAOwap6pPDtvQE7qct2d9/ax:IcvCEhrxChc0J9cLvPDtvQEftA9/a

Score
10/10
zgratagilenetevasionrattrojan

Malware Config

Targets

    • Target

      garits.exe

    • Size

      854KB

    • MD5

      9dab7bdadcab9c6bf91272fb7931787c

    • SHA1

      5f1d9471c50e40cf5279a1fade18b93c1d80839c

    • SHA256

      d3caae4b8590d11875173d4500b553816949c55042ed95c3c0a5327fc8d7e3f5

    • SHA512

      c9565b213b2d872d5032bbc403be4d975d134261c3a82cb429960ff4ea33930fad08bc8effb7b8bce176b9c25be8deb3113c8e25879923a9e4862218517f3a03

    • SSDEEP

      12288:IcvCS1ED+vJf54ixpwnhc29JPFrAOwap6pPDtvQE7qct2d9/ax:IcvCEhrxChc0J9cLvPDtvQEftA9/a

    Score
    10/10
    zgratagilenetevasionrattrojan

    • Detect ZGRat V1

    • UAC bypass

      evasiontrojan

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Drops startup file

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks