General
Target: DCRatBuild.exe
Size: 3.8MB
Sample: 240430-pae8vsbe64
MD5: 3da1cda32190d9ba346889a7df20c952
SHA1: f26a7f5ece93071f40b8cf3c5cf74af1e7589797
SHA256: 84d18110d3087cb912cc8cdcc3dae4e4ed4d0a4d20b514291eb7958590960607
SHA512: 540a4c0372ce6a8e6b651b7aaad62d9a119cf8a6589a50cab1a83c2eec6c52ac9e662f789e06ab196bbac82766cfc74b0a177fc94fe944de206c7100b2d929c6
SSDEEP: 98304:yQ8b58R7g9ksxqxTqIlyOBYFF+2hvc8Tf:58b5gc6TqjFFL
Behavioral tasks
- behavioral1: sample DCRatBuild.exe, resource win10-20240404-en
- behavioral2: sample DCRatBuild.exe, resource win10v2004-20240419-en
- behavioral3: sample DCRatBuild.exe, resource win11-20240426-en
Malware Config
Targets
Target: DCRatBuild.exe (3.8MB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
Score: 10/10
Signatures:
- Detect ZGRat V1
- Modifies WinLogon for persistence
- Process spawned unexpected child process (this typically indicates the parent process was compromised via an exploit or macro)
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1
- Scheduled Task/Job: 1