Overview

overview

10

Static

static

3

b2e85f5907...a0.exe

windows7-x64

10

b2e85f5907...a0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b2e85f5907f28c7c9bfc0370be2567494e0fd11887dfc80ca62958d4f5fbf8a0.exe

  • Size

    791KB

  • Sample

    240514-b2wg9sea3s

  • MD5

    8eb6ed01392a5cbba283febd7c9aa16a

  • SHA1

    d472f8b50f8a9a6e583262f326a57927d9df940c

  • SHA256

    b2e85f5907f28c7c9bfc0370be2567494e0fd11887dfc80ca62958d4f5fbf8a0

  • SHA512

    e6f08c9036df0f8c7f38895f4bbf240d796b8da9838ac87c67c56122361675462844a99fed386856a09744d4beaba7f81431619696cea959f93dc0de1962151a

  • SSDEEP

    12288:SaEg+LSgoEJHE6QxTZbZQIPqeEMbZO6MGomMRPArytpfoA:SaEgVrEJCTZlQISeEoq1J3pfx

Score
10/10
zgratexecutionrat

Malware Config

Targets

    • Target

      b2e85f5907f28c7c9bfc0370be2567494e0fd11887dfc80ca62958d4f5fbf8a0.exe

    • Size

      791KB

    • MD5

      8eb6ed01392a5cbba283febd7c9aa16a

    • SHA1

      d472f8b50f8a9a6e583262f326a57927d9df940c

    • SHA256

      b2e85f5907f28c7c9bfc0370be2567494e0fd11887dfc80ca62958d4f5fbf8a0

    • SHA512

      e6f08c9036df0f8c7f38895f4bbf240d796b8da9838ac87c67c56122361675462844a99fed386856a09744d4beaba7f81431619696cea959f93dc0de1962151a

    • SSDEEP

      12288:SaEg+LSgoEJHE6QxTZbZQIPqeEMbZO6MGomMRPArytpfoA:SaEgVrEJCTZlQISeEoq1J3pfx

    Score
    10/10
    zgratexecutionrat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks