Overview

overview

10

Static

static

1

d83f04d14b...ea.exe

windows7-x64

10

d83f04d14b...ea.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d83f04d14b3ef5742e3a5cb0c9089dea.exe

  • Size

    145KB

  • Sample

    240427-2dmtbshh88

  • MD5

    d83f04d14b3ef5742e3a5cb0c9089dea

  • SHA1

    5ba0a13d620b4e2352de8cd4b033c3b4b4a85015

  • SHA256

    70c0d722f4eb2c9cd96a58ef04285323a897c7c28896654d4b1753e240079ad0

  • SHA512

    0840f4acaf1b98b5358ad0f0b51696cf8298f2f7112401ae79a39de3b02d801403914bc21f1704b9bc3df390d0886859534d9b02385b360b598f745d18ab304b

  • SSDEEP

    3072:8XZGjXpoGoByXPQs2UTXQ8yb7aFcCiSIvF68XJZ:mZGbpYByPT7lyvIcLSIvF68X

Score
10/10
zgratrat

Malware Config

Targets

    • Target

      d83f04d14b3ef5742e3a5cb0c9089dea.exe

    • Size

      145KB

    • MD5

      d83f04d14b3ef5742e3a5cb0c9089dea

    • SHA1

      5ba0a13d620b4e2352de8cd4b033c3b4b4a85015

    • SHA256

      70c0d722f4eb2c9cd96a58ef04285323a897c7c28896654d4b1753e240079ad0

    • SHA512

      0840f4acaf1b98b5358ad0f0b51696cf8298f2f7112401ae79a39de3b02d801403914bc21f1704b9bc3df390d0886859534d9b02385b360b598f745d18ab304b

    • SSDEEP

      3072:8XZGjXpoGoByXPQs2UTXQ8yb7aFcCiSIvF68XJZ:mZGbpYByPT7lyvIcLSIvF68X

    Score
    10/10
    zgratrat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks