Overview

overview

10

Static

static

10

0218aa4e18...42.exe

windows7-x64

10

0218aa4e18...42.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0218aa4e18dd2db185038c9dfb349e9eff5d4c49ee910590e815e88323a6f642.exe

  • Size

    3.5MB

  • Sample

    240514-bc36tacf7s

  • MD5

    5db8857cca603a760cfb6955f5c309cf

  • SHA1

    6256f8199587182efb4f0941fb7668cb72e334cb

  • SHA256

    0218aa4e18dd2db185038c9dfb349e9eff5d4c49ee910590e815e88323a6f642

  • SHA512

    4e67e73d0e8742f660ebc6fe7eab143ab2154c774f9987ba950b24217bee13b009d44bde26e3e4bc37915d0f264b39965bec8c4c49534ef2a55888bc97a19665

  • SSDEEP

    98304:Lny83Z5SrLFKEik8ntD0V0e0WAOfraPsqqE:LnyskIEi3ntD0Se0WAOfraP

Score
10/10
zgratratspyware

Malware Config

Targets

    • Target

      0218aa4e18dd2db185038c9dfb349e9eff5d4c49ee910590e815e88323a6f642.exe

    • Size

      3.5MB

    • MD5

      5db8857cca603a760cfb6955f5c309cf

    • SHA1

      6256f8199587182efb4f0941fb7668cb72e334cb

    • SHA256

      0218aa4e18dd2db185038c9dfb349e9eff5d4c49ee910590e815e88323a6f642

    • SHA512

      4e67e73d0e8742f660ebc6fe7eab143ab2154c774f9987ba950b24217bee13b009d44bde26e3e4bc37915d0f264b39965bec8c4c49534ef2a55888bc97a19665

    • SSDEEP

      98304:Lny83Z5SrLFKEik8ntD0V0e0WAOfraPsqqE:LnyskIEi3ntD0Se0WAOfraP

    Score
    10/10
    zgratratspyware

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Detects executables packed with unregistered version of .NET Reactor

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks