Overview

overview

10

Static

static

10

MemReduct.exe

windows11-21h2-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MemReduct.exe

  • Size

    1.7MB

  • Sample

    240420-fkf4gahh4w

  • MD5

    05e117e10be7268e011ce46b1c237586

  • SHA1

    ccdf4f3954f53a0e4e4b4a5be16a57bd1dda222b

  • SHA256

    c850889430ed8e233aa903dd3f7326bfb68e8bcdc8974206434d2ba0e03b0746

  • SHA512

    f18ab5c41f84327be2fb846c90a3b0709d06c770f9cdf00905e7ce821f62eba08ba1ecb05292221ac61e31333c27f3861aa08007b6cff0632c795616331891e5

  • SSDEEP

    24576:jzUcZU9B2c8hxJMmJI0WNRiKk014hMVVFQIECZXkSmG0LB5Unxo+N8ufF:099Z6JMmJI0WNRiz0dzuIEwAG0/6o+t

Score
10/10
zgratevasionrat

Malware Config

Targets

    • Target

      MemReduct.exe

    • Size

      1.7MB

    • MD5

      05e117e10be7268e011ce46b1c237586

    • SHA1

      ccdf4f3954f53a0e4e4b4a5be16a57bd1dda222b

    • SHA256

      c850889430ed8e233aa903dd3f7326bfb68e8bcdc8974206434d2ba0e03b0746

    • SHA512

      f18ab5c41f84327be2fb846c90a3b0709d06c770f9cdf00905e7ce821f62eba08ba1ecb05292221ac61e31333c27f3861aa08007b6cff0632c795616331891e5

    • SSDEEP

      24576:jzUcZU9B2c8hxJMmJI0WNRiKk014hMVVFQIECZXkSmG0LB5Unxo+N8ufF:099Z6JMmJI0WNRiz0dzuIEwAG0/6o+t

    Score
    10/10
    zgratevasionrat

    • Detect ZGRat V1

    • Modifies security service

      evasion

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks