General

  • Target

    fc253d0f1829d4e068e65f3b251fec7f001e84b2212d1733379692d20662fc00

  • Size

    1.1MB

  • Sample

    241119-ywzztswqal

  • MD5

    6e77ddc00b96d986a687ca9712b7be22

  • SHA1

    423efb6dad410fe2a94026530cb7eac5bf39a879

  • SHA256

    fc253d0f1829d4e068e65f3b251fec7f001e84b2212d1733379692d20662fc00

  • SHA512

    2f5e9f653ae39f4992a89ca09a8158c50c9eebc44a294f2c742189c74b51053fd3c9cfab53d9404fa8b00fcba7c382a58c0eabd85dbc788b25866a4e5f1c6d4b

  • SSDEEP

    24576:21gZBRW5ZxG3maN0PCtFcOR4XWuCmTLtTN+I9uZGx+dZtI:ea7AZxGvGPCgOaTLPj9WT6

Score
10/10

Targets

    • Target

      BFP-AH860-1.21.25.0.exe

    • Size

      1.2MB

    • MD5

      b5e6f01303b2ee60a1b0ab075a07d352

    • SHA1

      1ed0d38e0960aae2a63473ab8eacaf7a062e7ba8

    • SHA256

      d24b60bc4292559c83febd7af9a0f04eebe9033cdc31397262b3a5d22ef21204

    • SHA512

      423203b6dc46e335c58cd5d089c476197327aff5f4fcaa77ebb74ded7f546724d3c561f3d6631885572674a63db4f3c7837cb0f7fcaed9183090d0afb2d232b5

    • SSDEEP

      24576:F86tlRuBZxstmMN4Lytziq14RyuOmBL91BoQ9uZUR+zZdQ:hRIZxs9SLycqeBLpV9u1O

    Score
    10/10
    • Detect ZGRat V2

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Zgrat family

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
