General

  • Target

    SecuriteInfo.com.Trojan.PackedNET.2147.22278.5618.exe

  • Size

    632KB

  • Sample

    240508-rln19aah42

  • MD5

    9ffcbf13ec0d927ab745589c64dba569

  • SHA1

    74e9aa1a9225f2acc5ee4aa86993970d3d6df5a8

  • SHA256

    dfba4d1c63cb8b9e426b04fa2b048bfe4554de13e7ce1c2c5e665cc708a23d09

  • SHA512

    cb695ca80b70b6b09af9a43d13363aab86186ca0c44d1f324dfb4bb2d978873cde900efc87b4db0ff2b9d0a321b626a1de97c31a995f5c4e437b16ad3f96ae25

  • SSDEEP

    12288:9ziGDwpg7nTwyrc30trN3OERv1Qdee1teN4FhunLNhcZU+sNmtwZ:9jrTNrc3aOgv1OeCeSh0NhQU1NmiZ

Score
10/10

Malware Config

Targets

    • Target

      SecuriteInfo.com.Trojan.PackedNET.2147.22278.5618.exe

    Score
    10/10

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks