General

  • Target

    759cb47cafa914af4368b18c46b8b060_NeikiAnalytics

  • Size

    1.4MB

  • Sample

    240510-zjzc7sgg6s

  • MD5

    759cb47cafa914af4368b18c46b8b060

  • SHA1

    c946424b3e2f7d0f3cd7e169618564b99c4787c4

  • SHA256

    361e15470617b73a383df0887f3a4c2ad40cae5fef3f6c1ba5459ea31fdf1536

  • SHA512

    52e0921436eb4892c363b5270c1aad098c6ee5fb8677d8378fcd4c149be2387333829694364e007a7360f4e0b94d04787f94785a530b03cc30f72f905eab7fd5

  • SSDEEP

    24576:yj/VhzUkpM4pU6/L1ukbhB5SVTfQdK2J+3x2yrk/okgOuojNUDuo6Uo0JJl34ExI:W/PzrpM4p3IAkVjGJ+Eyruokdv5u6492

Score
10/10

Targets

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
