Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3acdea11112584cd1f78da03f6af5cfc0f883309fc5ec552fa6b9c85a6c483bb

  • Size

    3.3MB

  • Sample

    240418-2fz7fahg2y

  • MD5

    76eae6ef736073145d6c06d981615ff9

  • SHA1

    6612a26d5db4a6a745fed7518ec93a1121fffd9c

  • SHA256

    3acdea11112584cd1f78da03f6af5cfc0f883309fc5ec552fa6b9c85a6c483bb

  • SHA512

    e7c118bbe9f62d5834b374e05242636b32daab2c1fe607521d6e78520665c59f78637b74c85d171f8608e255be50731771f0a09dcca69e016b281ee02ab77231

  • SSDEEP

    98304:Y/gORUJOUyQBOrgJedw0H+GSYq8dG+zMJ:Y/+J69gKw0e1Yq+P

Score
10/10
zgratpersistencerat

Malware Config

Targets

    • Target

      3acdea11112584cd1f78da03f6af5cfc0f883309fc5ec552fa6b9c85a6c483bb

    • Size

      3.3MB

    • MD5

      76eae6ef736073145d6c06d981615ff9

    • SHA1

      6612a26d5db4a6a745fed7518ec93a1121fffd9c

    • SHA256

      3acdea11112584cd1f78da03f6af5cfc0f883309fc5ec552fa6b9c85a6c483bb

    • SHA512

      e7c118bbe9f62d5834b374e05242636b32daab2c1fe607521d6e78520665c59f78637b74c85d171f8608e255be50731771f0a09dcca69e016b281ee02ab77231

    • SSDEEP

      98304:Y/gORUJOUyQBOrgJedw0H+GSYq8dG+zMJ:Y/+J69gKw0e1Yq+P

    Score
    10/10
    zgratpersistencerat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks