Overview

overview

10

Static

static

3

3609c501d7...18.exe

windows7-x64

10

3609c501d7...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3609c501d71a7784fd86305b10b67fc3_JaffaCakes118

  • Size

    876KB

  • Sample

    240511-xh9rfacc9w

  • MD5

    3609c501d71a7784fd86305b10b67fc3

  • SHA1

    c6cfbd50341f7757b7d81bd932973042d4c2cf1e

  • SHA256

    2b840ed4df72c857084148fd16b191bdee7cff55e3b0ddd94224e97591db5fe7

  • SHA512

    791adad02a96e4732d47c894cf4fea71df5211a1e890bf6c063a5cf38329f5be3d5caa2bca03bb4ee247708009af61dd84dae056d83da18718a24302cff0b69e

  • SSDEEP

    12288:BO5XlyKR9n6WXoNZU3kpnrm+uG4s/dx93n1AxVKXFsLVdjOZhSBlTQFO5:BONnrXLkpnaIV3nvFAOZ0BlcFO5

Score
10/10
imminentzgratagilenetpersistenceratspywaretrojan

Malware Config

Targets

    • Target

      3609c501d71a7784fd86305b10b67fc3_JaffaCakes118

    • Size

      876KB

    • MD5

      3609c501d71a7784fd86305b10b67fc3

    • SHA1

      c6cfbd50341f7757b7d81bd932973042d4c2cf1e

    • SHA256

      2b840ed4df72c857084148fd16b191bdee7cff55e3b0ddd94224e97591db5fe7

    • SHA512

      791adad02a96e4732d47c894cf4fea71df5211a1e890bf6c063a5cf38329f5be3d5caa2bca03bb4ee247708009af61dd84dae056d83da18718a24302cff0b69e

    • SSDEEP

      12288:BO5XlyKR9n6WXoNZU3kpnrm+uG4s/dx93n1AxVKXFsLVdjOZhSBlTQFO5:BONnrXLkpnaIV3nvFAOZ0BlcFO5

    Score
    10/10
    imminentzgratagilenetpersistenceratspywaretrojan

    • Detect ZGRat V1

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks