Overview

overview

10

Static

static

3

fbe33427fa...18.exe

windows7-x64

10

fbe33427fa...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fbe33427fa72c0b37aebbe5fbbb97667_JaffaCakes118

  • Size

    337KB

  • Sample

    240420-entnasgg8t

  • MD5

    fbe33427fa72c0b37aebbe5fbbb97667

  • SHA1

    acf65ae46ac2915563814df734ec9fe491c395e2

  • SHA256

    4c33d8a76c5d0e4efb561bdd6f8e252a8246f17cb352cd0148dcaf39705b9338

  • SHA512

    f3ade8cbf065b92b892089b77a5e1bcb0e7f36055fb8bf5886544a546690f71b6d14111d539341cb92778652cadb9438b2af8ce5dbe2f4e374fd8f72d1db3437

  • SSDEEP

    6144:Dz7T5/9ezzYFrgAo14mFVoBw4mVH5dUTlsWimTkqto9hSWM:TB9WYFi15foqVZ2mmz

Score
10/10
zgratrat

Malware Config

Targets

    • Target

      fbe33427fa72c0b37aebbe5fbbb97667_JaffaCakes118

    • Size

      337KB

    • MD5

      fbe33427fa72c0b37aebbe5fbbb97667

    • SHA1

      acf65ae46ac2915563814df734ec9fe491c395e2

    • SHA256

      4c33d8a76c5d0e4efb561bdd6f8e252a8246f17cb352cd0148dcaf39705b9338

    • SHA512

      f3ade8cbf065b92b892089b77a5e1bcb0e7f36055fb8bf5886544a546690f71b6d14111d539341cb92778652cadb9438b2af8ce5dbe2f4e374fd8f72d1db3437

    • SSDEEP

      6144:Dz7T5/9ezzYFrgAo14mFVoBw4mVH5dUTlsWimTkqto9hSWM:TB9WYFi15foqVZ2mmz

    Score
    10/10
    zgratrat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks