Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

fd643dfa49...2a.exe

windows7-x64

10

fd643dfa49...2a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    946f9875958c6ff0a4ccbcc8717068a0.bin

  • Size

    9.2MB

  • Sample

    240416-by5lrseb22

  • MD5

    2d495049a9a4eb9f760ffbb71a8a2565

  • SHA1

    de8c51240c97e37b1874655d13f8661abe342a54

  • SHA256

    6e61d2a623aae93014a16735e2baadc7c69abbff4330292bc5b957148f0eb995

  • SHA512

    6a7008d8beb7295be21e37ce91fd146b661cc0c1135624186a5374e397d0205776a737b1aae7bfa0724f34530e62a2f54546ce442cfbcaaf98454ae570affbd3

  • SSDEEP

    196608:lsob6MuXVCHY4sbfVNcvN0yCiPtGEIUZvur+3TMl8qg5qDd:lsobflHYfb9ulLVG214l2qDd

Score
10/10
zgratrat

Malware Config

Targets

    • Target

      fd643dfa49e7411994295979b06bf68659ddb28f1942fe80f6149696d4aa0d2a.exe

    • Size

      9.8MB

    • MD5

      946f9875958c6ff0a4ccbcc8717068a0

    • SHA1

      229484accad0a2f744b0f7c857b12de1c2896f38

    • SHA256

      fd643dfa49e7411994295979b06bf68659ddb28f1942fe80f6149696d4aa0d2a

    • SHA512

      5171ade7f004baf4c59da167eb9357e97744eb34e012bf6a2baa5c411488f56a011019cf53b994e26f18c92ebfbf66184779d9908e7bd35afd44132188466ada

    • SSDEEP

      196608:VFg/KSH4rynHHiJrWnfossDb9NfwSdcvTP5AUewGUeF1w:VK/ZH4OniJrcOfwSdcv1A02w

    Score
    10/10
    zgratrat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks