General

  • Target

    Enigma Temp.exe

  • Size

    13.5MB

  • Sample

    240511-xhc3gafb23

  • MD5

    330a39ccb7e57bac11f25d600c5aa463

  • SHA1

    c22bac47bb741f63600c97c7669f2e48bf1567ab

  • SHA256

    0f9c56f62484b2bbf14f9b7b76efa84e0fa0a179b0787e98e3dc9a02b9f6054e

  • SHA512

    fda91e66009f1ccd88514efb56c272a1866c74496175f55573cd244b044e8cbe812fa8f98d7a5859254970c3d8898b34968e1649c3a59b7ba5b7e9ddc744efce

  • SSDEEP

    393216:Rf50Nu9En2liECzJ3USGsfg6W2oBqtMpYbA4:x6GsLBusfg6fbqpY

Score
10/10

Targets

    • Target

      Enigma Temp.exe

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
