zgrat | 6d8ce4bec1c309e5dbb0bb97b5432e8a7897c4a6c1243c485113aa2a8ef788bd | Triage

Submit
Reports

Overview

overview

Static

static

6d8ce4bec1...bd.exe

windows7-x64

6d8ce4bec1...bd.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

6d8ce4bec1c309e5dbb0bb97b5432e8a7897c4a6c1243c485113aa2a8ef788bd.exe
Size

1.6MB
Sample

240416-blke3ade32
MD5

10c968ea2523a8e4bb2b2e15f0372fd7
SHA1

3e468ba0407f535c55f25aeb2ae3263ed90fc6b9
SHA256

6d8ce4bec1c309e5dbb0bb97b5432e8a7897c4a6c1243c485113aa2a8ef788bd
SHA512

2688aae68114da09eaabfd0e27035b2ad5ec759311b91b4e79eb14cf4021446b9f73e107d1705322ffd8e141f6def492249a5345b0a72ee1591b4e15c6bb7c5a
SSDEEP

24576:p+0yh4ZlXc1m3zijUFLmRZedvY8yFebs8Lv0qiDAFsuKiyIf:sOf7iZRQdvYLFw/L07DaFr

Score

10^/10

zgrat rat

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

6d8ce4bec1c309e5dbb0bb97b5432e8a7897c4a6c1243c485113aa2a8ef788bd.exe

Resource

win7-20240215-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

6d8ce4bec1c309e5dbb0bb97b5432e8a7897c4a6c1243c485113aa2a8ef788bd.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  6d8ce4bec1c309e5dbb0bb97b5432e8a7897c4a6c1243c485113aa2a8ef788bd.exe
- Size
  
  1.6MB
- MD5
  
  10c968ea2523a8e4bb2b2e15f0372fd7
- SHA1
  
  3e468ba0407f535c55f25aeb2ae3263ed90fc6b9
- SHA256
  
  6d8ce4bec1c309e5dbb0bb97b5432e8a7897c4a6c1243c485113aa2a8ef788bd
- SHA512
  
  2688aae68114da09eaabfd0e27035b2ad5ec759311b91b4e79eb14cf4021446b9f73e107d1705322ffd8e141f6def492249a5345b0a72ee1591b4e15c6bb7c5a
- SSDEEP
  
  24576:p+0yh4ZlXc1m3zijUFLmRZedvY8yFebs8Lv0qiDAFsuKiyIf:sOf7iZRQdvYLFw/L07DaFr
Score

10^/10

zgrat rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Detects executables packed with unregistered version of .NET Reactor
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy