General

  • Target

    AZURE PROXYLESS CHECKER-noAnti_Slayed.exe

  • Size

    2.3MB

  • Sample

    240506-rszrbsed4t

  • MD5

    5122f846edafa2010c57c3e898b4a12a

  • SHA1

    83132f608365e96021fe5d2466e3577d959415c7

  • SHA256

    3c21cb1b6a535cbdfc874821b7836516ebd20ab8afb94b3c18636780666ff9ba

  • SHA512

    f53a7469c2d00bd9e8949d6eb69ba7e8a3814d631ee1647fb6fc86c6fe6f9160eca68f9777bdc4721a201ec2dc4ad1234ebc6ddf280060edff52af7b6f1a668f

  • SSDEEP

    49152:KfhNO/E5yqDpXtWqwK75F5745fzSjoZNQPajoNeOyJuhA:Kfh4s5zhpwKdH7gfzScZt0eOys

Score
10/10

Targets

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
