zgrat | 1b9ba67d4a203183fb845772c3edb45c98db044809a23c7762134f111fbc0a32 | Triage

Submit
Reports

Overview

overview

Static

static

3

04fe72c721...e9.zip

windows7-x64

1

04fe72c721...e9.zip

windows10-2004-x64

1

NEW ORDER ...ON.scr

windows7-x64

NEW ORDER ...ON.scr

windows10-2004-x64

Sharing

General

Target

NEW ORDER CONFIRMATION.zip.zip
Size

2.9MB
Sample

240510-khdmsagc69
MD5

8c9f896110cd0a4f4fc4b73bdab5636e
SHA1

9b49617478fa9c15717653ca657e09b41483bbf4
SHA256

1b9ba67d4a203183fb845772c3edb45c98db044809a23c7762134f111fbc0a32
SHA512

8fc0b1be31153ce57c9afd25a751f7227163f9bdd73aafde914bf3edc0abd4b2fb9861cebcc51eb99b5cf749c7f6037efdc3d6ccea0e88c768a6c9b56969e65f
SSDEEP

49152:2LZjr5T5f/KPuwdFe24nrn6hlbGuxBAK9TNqaXxCsG2jGPAv4PjyJHY1C:2V1J/K24Fe26z6Dy0BANaXU2SPdPjacC

Score

10^/10

zgrat collection rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

04fe72c7211de060e7f25a1f6b7e30fd2760b983cf7251d0f11b4a4b01b588e9.zip

Resource

win7-20240419-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

04fe72c7211de060e7f25a1f6b7e30fd2760b983cf7251d0f11b4a4b01b588e9.zip

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

NEW ORDER CONFIRMATION.scr

Resource

win7-20240508-en

zgrat collection rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral4

Sample

NEW ORDER CONFIRMATION.scr

Resource

win10v2004-20240426-en

zgrat collection rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  04fe72c7211de060e7f25a1f6b7e30fd2760b983cf7251d0f11b4a4b01b588e9
- Size
  
  2.9MB
- MD5
  
  30a6d25cd4ebbe11135d7ad8c33fd0c0
- SHA1
  
  bde176672b466a73653d006fd578cb424f74fee8
- SHA256
  
  04fe72c7211de060e7f25a1f6b7e30fd2760b983cf7251d0f11b4a4b01b588e9
- SHA512
  
  65144276cbb9e019cfb569f2cdd012513c32af593b47b3a324f506fd6ba1f0065e72c6f13d44a6fc0f95bdccab50d76e93bd9b71feebd3a71ad41c1b0497c093
- SSDEEP
  
  49152:P1sEdqOU+T6tXJtyUQj4SPBylBWBvajPbQE8e1BZk/b6U+:PndhT6t5tnQj42BAjX8NWU+
Score

1^/10
behavioral1 behavioral2
- Target
  
  NEW ORDER CONFIRMATION.scr
- Size
  
  3.0MB
- MD5
  
  92b7e779a83e62d1ba8c418a864ab54e
- SHA1
  
  8352881b49b323ff9a9acbec1fbbaf4365bae464
- SHA256
  
  ba58f8ba7420adb8ffa2c999e7b20c1958d353c1146cb5eff41b5057f320f7be
- SHA512
  
  605f0abd697f9a64d34235724875b8f77896c7b0f54af3adc3606aa577aa9ef73dcd6f1b03a35400d4925ff7ec0afd5d13b2208a646648369e657df1a33bc438
- SSDEEP
  
  49152:/dmozqOYEP6j/XJ0K8tcE/Bk1Bytv+jVd4+mivVPMNj8gt:/LzhP6jPJJ8tcqBKRhm9Ygt
Score

10^/10

zgrat collection rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

zgratcollectionrat

behavioral4

zgratcollectionrat

© 2018-2025

Terms | Privacy