General

  • Target

    439243193b1be11bd2a49cebf6d8fba32e68585e0d053bdc134e6faf7032d707

  • Size

    1.1MB

  • Sample

    241022-y9jvrsvcrm

  • MD5

    4950ad05cca150d4944bbd07f96aa9e5

  • SHA1

    65d79b23ac9f78cf297cf2c0d69f3348c098c1b8

  • SHA256

    439243193b1be11bd2a49cebf6d8fba32e68585e0d053bdc134e6faf7032d707

  • SHA512

    df287234f1744e45b894123b2b30664a17728f9cda761ebddef66a01e0e623626d066ef6ce38212b6a6ec0e1e3158e5d85f3954cc030f819b7cc7aeeb0b22a8d

  • SSDEEP

    24576:N1gwhJU09N/Oa17U7HkStt9AdiXDeiEfjZixFL5Go9oZwT+rZLJ:z1h52U7QHDt98aD8GTj9AtV

Score
10/10

Targets

    • Target

      BFP-AH5112-1.21.14.0.exe

    • Size

      1.2MB

    • MD5

      11ed6a7cd05d047a446e4cdc5aec90dc

    • SHA1

      c569ec9336e772705caa7020553cf1e6a18c083c

    • SHA256

      ef8e7bf8960b76f6dd31ff6b0cca88e6f24e7a8d415639cf1aa3a558efba1d73

    • SHA512

      a39fe8643274fe7f8cc2b17c750366a96bc7721a075cb0f89d9e029c20d2b2446394e73dee77753cb4190f1b529a040c94a0d00cdda93a5a4820c810207e7dfa

    • SSDEEP

      24576:F86glZF4Iflxe2nBUf32CtPd4LibDwQ0lJ/kD91BoQ9uZUR+zZdQ:hKZxoUBq3PPd0QDMapV9u1O

    Score
    10/10

    • Detect ZGRat V2

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
