zgrat | 2a111b1a6650ea6e6b369583f8afe1bf8c5bb6164cb12f8e833d0638c1c2deaf | Triage

Submit
Reports

Overview

overview

Static

static

3

db537a09e0...40.exe

windows7-x64

db537a09e0...40.exe

windows10-2004-x64

Sharing

General

Target

db537a09e0185f8b941af6a5d2ceda40
Size

596KB
Sample

240514-feba2abc9t
MD5

db537a09e0185f8b941af6a5d2ceda40
SHA1

8747013070a23b3d9dd386c1baab0cb79cff3786
SHA256

2a111b1a6650ea6e6b369583f8afe1bf8c5bb6164cb12f8e833d0638c1c2deaf
SHA512

1ecd816a35c50ccbb78a3911d517fe292c4ac8431cc54446ffd3136657dc0d1cc793800c5c5bef31cd76847c0c2cf1968c87f68b841a4bd245e1ced7ab3a37c7
SSDEEP

12288:Z48Xz4N3jJuKiMGejML/ldDKdgM/pMp00TIhmP8mWdCcLxUX0M39F+n:ePNT0KR/MqdgMhr6IhmkmWXuEM3Cn

Score

10^/10

zgrat agilenet execution rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

db537a09e0185f8b941af6a5d2ceda40.exe

Resource

win7-20240508-en

zgrat agilenet execution rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

db537a09e0185f8b941af6a5d2ceda40.exe

Resource

win10v2004-20240508-en

zgrat agilenet execution rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  db537a09e0185f8b941af6a5d2ceda40
- Size
  
  596KB
- MD5
  
  db537a09e0185f8b941af6a5d2ceda40
- SHA1
  
  8747013070a23b3d9dd386c1baab0cb79cff3786
- SHA256
  
  2a111b1a6650ea6e6b369583f8afe1bf8c5bb6164cb12f8e833d0638c1c2deaf
- SHA512
  
  1ecd816a35c50ccbb78a3911d517fe292c4ac8431cc54446ffd3136657dc0d1cc793800c5c5bef31cd76847c0c2cf1968c87f68b841a4bd245e1ced7ab3a37c7
- SSDEEP
  
  12288:Z48Xz4N3jJuKiMGejML/ldDKdgM/pMp00TIhmP8mWdCcLxUX0M39F+n:ePNT0KR/MqdgMhr6IhmkmWXuEM3Cn
Score

10^/10

zgrat agilenet execution rat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

zgratagilenetexecutionrat

behavioral2

zgratagilenetexecutionrat

© 2018-2024

Terms | Privacy