General

  • Target

    db537a09e0185f8b941af6a5d2ceda40

  • Size

    596KB

  • Sample

    240514-feba2abc9t

  • MD5

    db537a09e0185f8b941af6a5d2ceda40

  • SHA1

    8747013070a23b3d9dd386c1baab0cb79cff3786

  • SHA256

    2a111b1a6650ea6e6b369583f8afe1bf8c5bb6164cb12f8e833d0638c1c2deaf

  • SHA512

    1ecd816a35c50ccbb78a3911d517fe292c4ac8431cc54446ffd3136657dc0d1cc793800c5c5bef31cd76847c0c2cf1968c87f68b841a4bd245e1ced7ab3a37c7

  • SSDEEP

    12288:Z48Xz4N3jJuKiMGejML/ldDKdgM/pMp00TIhmP8mWdCcLxUX0M39F+n:ePNT0KR/MqdgMhr6IhmkmWXuEM3Cn

Malware Config

Targets

    • Target

      db537a09e0185f8b941af6a5d2ceda40

    • Size

      596KB

    • MD5

      db537a09e0185f8b941af6a5d2ceda40

    • SHA1

      8747013070a23b3d9dd386c1baab0cb79cff3786

    • SHA256

      2a111b1a6650ea6e6b369583f8afe1bf8c5bb6164cb12f8e833d0638c1c2deaf

    • SHA512

      1ecd816a35c50ccbb78a3911d517fe292c4ac8431cc54446ffd3136657dc0d1cc793800c5c5bef31cd76847c0c2cf1968c87f68b841a4bd245e1ced7ab3a37c7

    • SSDEEP

      12288:Z48Xz4N3jJuKiMGejML/ldDKdgM/pMp00TIhmP8mWdCcLxUX0M39F+n:ePNT0KR/MqdgMhr6IhmkmWXuEM3Cn

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks