Overview

overview

10

Static

static

10

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    182a6cf870ad9d09e72bc36669dbd55306e964c11b7c63ebccd5406ae8e8556d

  • Size

    4.0MB

  • Sample

    240417-eamylacg85

  • MD5

    9c31acafcb357ff41c9bc9be104397c4

  • SHA1

    8be5933f6f72c0d4723ac3ff5501cbd17bf499c4

  • SHA256

    182a6cf870ad9d09e72bc36669dbd55306e964c11b7c63ebccd5406ae8e8556d

  • SHA512

    636d444a411d144ce77bb24b896198c4ac4036408c31d94d8722dcd16f950375cc7a08c034cffe74bb6202404de6c4e16069a78dbe5c4197039c1f1f9c4f6fdf

  • SSDEEP

    98304:ypDF7RaItzPWlbVMQDWFdCEbqNixjnCc630pW0EpmEOQL6r1:IDF7RaItzckCVixT9pSmEO06r1

Score
10/10
zgratevasionrat

Malware Config

Targets

    • Target

      182a6cf870ad9d09e72bc36669dbd55306e964c11b7c63ebccd5406ae8e8556d

    • Size

      4.0MB

    • MD5

      9c31acafcb357ff41c9bc9be104397c4

    • SHA1

      8be5933f6f72c0d4723ac3ff5501cbd17bf499c4

    • SHA256

      182a6cf870ad9d09e72bc36669dbd55306e964c11b7c63ebccd5406ae8e8556d

    • SHA512

      636d444a411d144ce77bb24b896198c4ac4036408c31d94d8722dcd16f950375cc7a08c034cffe74bb6202404de6c4e16069a78dbe5c4197039c1f1f9c4f6fdf

    • SSDEEP

      98304:ypDF7RaItzPWlbVMQDWFdCEbqNixjnCc630pW0EpmEOQL6r1:IDF7RaItzckCVixT9pSmEO06r1

    Score
    10/10
    zgratevasionrat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks