General
Target: releases
Size: 153KB
Sample: 240512-fpbpjshh5s
MD5: 61e0cd874c8ae6c8274ef0026a13e1ab
SHA1: 5f00ae4dd14d5c694bac9fc60d68921f4c8761e1
SHA256: 3e8b0d8410e1ec7738983403072a393355054196e39b38063016e3e7cc8cc856
SHA512: 95f991634433f89b40ef51841635048c8a0b37c943410caaf7d78a2d7362197b6dc55522092d103b9eae2debb57c182f9195c531c70be243f2a2ed84dc1c1ae2
SSDEEP: 3072:fNAoEoMBy2xzVuytnHVMBFSKl+k76INcDXyNc8EXtnDGOVojYQ7S+nuUZpOmrH2P:/0ojYQdH2n9ddKM2vkm0aWyRv3u9SvZI
Static task: static1
Behavioral task: behavioral1
Sample: releases
Resource: win7-20231129-en
Malware Config
Targets
- Detect ZGRat V1
- Checks for common network interception software: looks in the registry for tools like Wireshark or Fiddler that are commonly used to analyze network activity.
- Downloads MZ/PE file
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Creates a large amount of network flows: this may indicate a network scan to discover remotely running services.