General

  • Target

    BlastedCracked.exe

  • Size

    3.6MB

  • Sample

    240512-v97eaagf5s

  • MD5

    efa8a9b8529959e7384cce67f59420d8

  • SHA1

    54159f633070d03a71ed6d5e1d9e40f2893510fe

  • SHA256

    c252cbd5898c1d562170a12c1e2262ad101616ec0583cb647c01a5e3d1568fef

  • SHA512

    7a97920a93a05d076ea6ddade8dbe82553b69d89c0a3d86fb11627193753bf12a85975ff01ccf84bcb9b030a38d4e0d7c3957d08a2ad11831601e80f24fd5aef

  • SSDEEP

    98304:1syC4u5x0b8dF6eaeSjBeKxATO7IiiOra+Hc8:7C4u5x0wn6eaeSdyTO4Ora+Hc8

Score
10/10

Malware Config

Targets

    • Target

      BlastedCracked.exe

    • Detect ZGRat V1

    • Modifies WinLogon for persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory
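
    The report flags two persistence locations for this sample: the Winlogon key and a Run key. The following PowerShell is an added triage example, not part of the sandbox report, for checking those locations on a suspect host. It compares the Winlogon Userinit and Shell values against the stock Windows defaults (userinit.exe with a trailing comma, and explorer.exe), lists every Run/RunOnce entry, and hashes each referenced binary against the SHA256 published above. The function names and the $KnownBadSha256 variable are this example's own; the only indicator it takes from the report is that hash.

```powershell
# Added triage example: verify the Winlogon and Run-key persistence
# locations named in the sandbox report on a live Windows host.

# SHA256 of BlastedCracked.exe, copied from the report above.
$KnownBadSha256 = 'c252cbd5898c1d562170a12c1e2262ad101616ec0583cb647c01a5e3d1568fef'

# Stock Windows values for the two Winlogon entries malware usually appends to.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$WinlogonDefaults = @{
    Userinit = "$env:SystemRoot\system32\userinit.exe,"
    Shell    = 'explorer.exe'
}

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the executable path from a command line such as
#   "C:\Users\x\foo.exe" --arg   or   C:\Users\x\foo.exe --arg
function Get-ExePathFromCommand {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(\S+\.exe)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

# Hash a referenced file and compare it with the report's SHA256.
function Test-FileAgainstIoc {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return "missing on disk: $Path"
    }
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    if ($hash -eq $KnownBadSha256) { return "MATCH (report SHA256): $Path" }
    return "sha256 $hash : $Path"
}

# 1. Winlogon: anything other than the stock value deserves a look.
$winlogon = Get-ItemProperty -Path $WinlogonKey
foreach ($name in $WinlogonDefaults.Keys) {
    $value = $winlogon.$name
    if ($value -ne $WinlogonDefaults[$name]) {      # -ne is case-insensitive
        Write-Output "[Winlogon] $name modified: '$value'"
        # Userinit is a comma-separated list; inspect every entry in it.
        foreach ($entry in ($value -split ',')) {
            $exe = Get-ExePathFromCommand $entry
            if ($exe) { Write-Output "    $(Test-FileAgainstIoc $exe)" }
        }
    } else {
        Write-Output "[Winlogon] $name is default"
    }
}

# 2. Run / RunOnce keys: list each entry and hash the binary it launches.
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata
        $exe = Get-ExePathFromCommand $p.Value
        Write-Output "[Run] $key\$($p.Name) = $($p.Value)"
        Write-Output "    $(Test-FileAgainstIoc $exe)"
    }
}
```

    Run it from an elevated prompt so the HKLM values and files under System32 are readable. A modified Winlogon value or a Run entry whose target hashes to the report's SHA256 confirms the persistence the sandbox observed; a Run entry pointing at a file that is "missing on disk" is still worth noting, since a dropped EXE may have been cleaned up after it executed.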

MITRE ATT&CK Enterprise v15
