zgrat | 30202655ac09c4e87af419d8b461a2195fcc353f6ee7a6816b8075726e3e750b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

dotNET_Rea...or.exe

windows10-2004-x64

Resubmissions

19/04/2024, 14:52

240419-r82wmafb32 10

19/04/2024, 14:48

240419-r6mnxsfa59 10

Sharing

General

Target

dotNET_Reactor.zip
Size

16.9MB
Sample

240419-r6mnxsfa59
MD5

f4426ffd6d641bca1161b4ccca04a63c
SHA1

0262e258dc37f47b49e13355ff90d370d7bb53ba
SHA256

30202655ac09c4e87af419d8b461a2195fcc353f6ee7a6816b8075726e3e750b
SHA512

d89d070a62c9c850362a50e2922e1670a2473de38635dce7db7d32f91ec6a206c744e496a6da07c1e8460c5799f0883434a523e9d2ad171b90a88a801ae8c0ea
SSDEEP

393216:b0VcN4+XvRmPcT9Gh4MWhBwdA3gBpvc1fXyQlDVq8fB2nCZu7iqwLme:b0A/EPo9VMsB1WENVfdqAu4V

Score

10^/10

zgrat rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dotNET_Reactor/dotNET_Reactor.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

5 signatures

300 seconds

Malware Config

Targets

- Target
  
  dotNET_Reactor/dotNET_Reactor.exe
- Size
  
  13.3MB
- MD5
  
  bd73df4cf427511993075f7a16e037a5
- SHA1
  
  63f116641b0655f53e93d62ae559d510ed5af134
- SHA256
  
  fa0a32d408a8df70ec44f3d2374b058f57b86ff49b8068b8c68f8505d3463970
- SHA512
  
  49ad63e65e1f6a454778c904727c948969145eb09457105093af463d933413a7d30437051c7ddb8ded0b46d38b2018a1a78c83af582ab6775bef870057a9dfc3
- SSDEEP
  
  393216:xfuP82nPJiP63TKZqkoPrSz4rkZD1K1fU:xqPIPgTxkqrV6YN
Score

10^/10

zgrat rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy