General
-
Target
f5fe6435df7702338b1320b55f96caa4.exe
-
Size
594KB
-
Sample
240513-h5g8daca7v
-
MD5
f5fe6435df7702338b1320b55f96caa4
-
SHA1
fab2bbc6e43cc01217673b2753e223099c3c297f
-
SHA256
3f352445c521895812735acebb5f944cd1e88024cade5b201c562166619ffc9f
-
SHA512
4c355979435dc7519c4e4ee1a9ff6ad4be9cabcaa6b376473b039fcd785837689f16662e680b196f2b74ec689ff894175a2892206f1883e6e22ca89a292a6fab
-
SSDEEP
12288:Ta+kA8UkbVvyhzR8OQtgR64Hh4oPRSviJFwuHnOr387dPex:FFgkh21gR3JSviJFbnOz87dPe
Malware Config
Targets
-
-
Target
f5fe6435df7702338b1320b55f96caa4.exe
-
Size
594KB
-
MD5
f5fe6435df7702338b1320b55f96caa4
-
SHA1
fab2bbc6e43cc01217673b2753e223099c3c297f
-
SHA256
3f352445c521895812735acebb5f944cd1e88024cade5b201c562166619ffc9f
-
SHA512
4c355979435dc7519c4e4ee1a9ff6ad4be9cabcaa6b376473b039fcd785837689f16662e680b196f2b74ec689ff894175a2892206f1883e6e22ca89a292a6fab
-
SSDEEP
12288:Ta+kA8UkbVvyhzR8OQtgR64Hh4oPRSviJFwuHnOr387dPex:FFgkh21gR3JSviJFbnOz87dPe
Score10/10-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-