zgrat | 0da37f4dc45bda166d0ad59523a097be39f5a3d774aa843620e204f7995ff2c1 | Triage

Submit
Reports

Overview

overview

Static

static

1

ad61418203...35.cmd

windows10-2004-x64

Sharing

General

Target

ad6141820386639133953308360445558077741366324631087357035 (1).7z
Size

2.5MB
Sample

240509-vmarssfh97
MD5

c7164f7d0b96b5d990992bce472d102a
SHA1

768ac1d266681b1fc7c264d6c5bb869e8e0370d4
SHA256

0da37f4dc45bda166d0ad59523a097be39f5a3d774aa843620e204f7995ff2c1
SHA512

bb38143a3e6ac815a477d51ebad460fc7f0a4ab976a33e7f0fa57d2c58de464349c2475e3fd43ecec88daa0fc63bae90ccc17b065ddb1c9dbeafd679eaafb53f
SSDEEP

49152:nnAKlGEq8EKq6H+p7SWZjVMO6BrObsrIklAKIa4fmFp8zjBYTr02BOhPBB3FzTI:nn1l15El5SUj16BrDhuOUmDsuscGPBBq

Score

10^/10

zgrat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

ad6141820386639133953308360445558077741366324631087357035.cmd

Resource

win10v2004-20240426-en

zgrat persistence rat

windows10-2004-x64

9 signatures

300 seconds

Malware Config

Targets

- Target
  
  ad6141820386639133953308360445558077741366324631087357035.cmd
- Size
  
  3.2MB
- MD5
  
  305eaa031146e25cc809f31c4c980ab2
- SHA1
  
  2ee88870d62960197e7aa14e7c774228bcc82c23
- SHA256
  
  795932d040c08e9122325bcbfb4a428398ec38d7b3937e0e6154c8d40d66c724
- SHA512
  
  11eafabbb51568b1bbf5a406727d739b138825120e9cd70555ec5698018fc9161463909ab74016a0a40f36ab36e7e449b4865ab9ae955962601eaa7ea16e82d4
- SSDEEP
  
  49152:R8gtQOH/aTIdOlKf1DNBI874MEikGexHFrqa3:Y
Score

10^/10

zgrat persistence rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratpersistencerat

© 2018-2025

Terms | Privacy