Overview

overview

10

Static

static

3

72D37461BA...8E.exe

windows7-x64

10

72D37461BA...8E.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    72D37461BAE5B05CE82A70A2D170B4C1E0CD134284D8E.exe

  • Size

    3.4MB

  • Sample

    240515-sdvz9see9w

  • MD5

    2c100ae7c04ea5d72e149d17611baca1

  • SHA1

    a3e8248074789657ccb0a7cc196d22bfffbcb18a

  • SHA256

    72d37461bae5b05ce82a70a2d170b4c1e0cd134284d8efbfcf09ec69dee50d11

  • SHA512

    5955d8099047c56e159566cd3be6ab34596473d7809ce8771999a93df984876e34e6b4f1e6dda1ae44429f6ab476c68216940b2165efeb2ff58c32010317b679

  • SSDEEP

    98304:yluaK1DE0mfhxWA3FbcSX7rhouLWssH2aryKUvg8r8TU:uuaK1DE04YA3FbcSX7FouLrrHPITU

Score
10/10
zgratrat

Malware Config

Targets

    • Target

      72D37461BAE5B05CE82A70A2D170B4C1E0CD134284D8E.exe

    • Size

      3.4MB

    • MD5

      2c100ae7c04ea5d72e149d17611baca1

    • SHA1

      a3e8248074789657ccb0a7cc196d22bfffbcb18a

    • SHA256

      72d37461bae5b05ce82a70a2d170b4c1e0cd134284d8efbfcf09ec69dee50d11

    • SHA512

      5955d8099047c56e159566cd3be6ab34596473d7809ce8771999a93df984876e34e6b4f1e6dda1ae44429f6ab476c68216940b2165efeb2ff58c32010317b679

    • SSDEEP

      98304:yluaK1DE0mfhxWA3FbcSX7rhouLWssH2aryKUvg8r8TU:uuaK1DE04YA3FbcSX7FouLrrHPITU

    Score
    10/10
    zgratrat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks