Overview

overview

10

Static

static

1

BoosterX.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BoosterX.exe

  • Size

    29.9MB

  • Sample

    241028-sad8casbpj

  • MD5

    1d2d992676aa7e20e2cf5b5170c6db81

  • SHA1

    60dbe1e977076cdc07f1e59eb1ea3d855c3ccf38

  • SHA256

    8fd07bb6e8c598dcdd642a0f7e253fd4abe9d7fe608c9814392fff4f75007e8e

  • SHA512

    4b32c398292482e8c39c041b3e369750870cf464778ab6ef966f87683ebbdd045aadc2d56884039ed9f4c2a3aaf5c21c589354c2a91f1802d034427a54fa92a8

  • SSDEEP

    786432:8PdTpb2C0en7fqszuuItVAqB1GBVa6ZK8BXQZ3pQVPs:8P15Sszjeyq1G9rA3b

Score
10/10
zgratdiscoveryevasionexecutionrat

Malware Config

Targets

    • Target

      BoosterX.exe

    • Size

      29.9MB

    • MD5

      1d2d992676aa7e20e2cf5b5170c6db81

    • SHA1

      60dbe1e977076cdc07f1e59eb1ea3d855c3ccf38

    • SHA256

      8fd07bb6e8c598dcdd642a0f7e253fd4abe9d7fe608c9814392fff4f75007e8e

    • SHA512

      4b32c398292482e8c39c041b3e369750870cf464778ab6ef966f87683ebbdd045aadc2d56884039ed9f4c2a3aaf5c21c589354c2a91f1802d034427a54fa92a8

    • SSDEEP

      786432:8PdTpb2C0en7fqszuuItVAqB1GBVa6ZK8BXQZ3pQVPs:8P15Sszjeyq1G9rA3b

    Score
    10/10
    zgratdiscoveryevasionexecutionrat

    • Detect ZGRat V2

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Zgrat family

      zgrat

    • Stops running service(s)

      evasionexecution

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks