zgrat | afddabb10af9cbd11a940567f1ef2a8d0483fefd47d575cae5e8e615c2f15f5b | Triage

Submit
Reports

Overview

overview

Static

static

1

jaser.exe

windows11-21h2-x64

Sharing

General

Target

jaser.exe
Size

286.0MB
Sample

240508-p9ca9adg6w
MD5

45cf735073402183e3650f69b264323f
SHA1

e30987fc42dd931e2fcdc02474b7a8f363e7731b
SHA256

afddabb10af9cbd11a940567f1ef2a8d0483fefd47d575cae5e8e615c2f15f5b
SHA512

3844fac4876376abb4b3e249ef950b8fc806098a22e857898e61cb26ecad509fdace80685681c515c3b50cd0c14be09b09f71bb68a9f1a6383f73529cd928730
SSDEEP

6291456:re35QLVGaqBSYYvfeaQYbAJwD11CuIed8oA46BQ1:A5QLnqBSYYvAixcuIed+bM

Score

10^/10

zgrat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

jaser.exe

Resource

win11-20240419-en

zgrat persistence rat

windows11-21h2-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  jaser.exe
- Size
  
  286.0MB
- MD5
  
  45cf735073402183e3650f69b264323f
- SHA1
  
  e30987fc42dd931e2fcdc02474b7a8f363e7731b
- SHA256
  
  afddabb10af9cbd11a940567f1ef2a8d0483fefd47d575cae5e8e615c2f15f5b
- SHA512
  
  3844fac4876376abb4b3e249ef950b8fc806098a22e857898e61cb26ecad509fdace80685681c515c3b50cd0c14be09b09f71bb68a9f1a6383f73529cd928730
- SSDEEP
  
  6291456:re35QLVGaqBSYYvfeaQYbAJwD11CuIed8oA46BQ1:A5QLnqBSYYvAixcuIed+bM
Score

10^/10

zgrat persistence rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratpersistencerat

© 2018-2025

Terms | Privacy