Overview

overview

10

Static

static

3

Loader.exe

windows7-x64

3

Loader.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loader.exe

  • Size

    16.0MB

  • Sample

    250119-qdr79symbw

  • MD5

    764dff2ef44e85434f51b3b0a979ae5a

  • SHA1

    abe572b6cfeebf7733348115cf9c829736e2d4bc

  • SHA256

    f307af4877d45dc41d3a23298b34fc4d19e2f312fa802810709b52161687b1a0

  • SHA512

    417b99de4812062729895ef289b398d2371d5b560d2c8b35f96ac5c9dc2bad7f819d1163c48c10ce27cc42758d047c599629a4b9e8c65ee71399dd226ceb7668

  • SSDEEP

    196608:3JmOg8g5aoZnyFd36mwSv4Z0ZX+3NFaAMROyOIX:AOg8zcs37wQ4zvaAMROyRX

Score
10/10
zgratdiscoveryrat

Malware Config

Targets

    • Target

      Loader.exe

    • Size

      16.0MB

    • MD5

      764dff2ef44e85434f51b3b0a979ae5a

    • SHA1

      abe572b6cfeebf7733348115cf9c829736e2d4bc

    • SHA256

      f307af4877d45dc41d3a23298b34fc4d19e2f312fa802810709b52161687b1a0

    • SHA512

      417b99de4812062729895ef289b398d2371d5b560d2c8b35f96ac5c9dc2bad7f819d1163c48c10ce27cc42758d047c599629a4b9e8c65ee71399dd226ceb7668

    • SSDEEP

      196608:3JmOg8g5aoZnyFd36mwSv4Z0ZX+3NFaAMROyOIX:AOg8zcs37wQ4zvaAMROyRX

    Score
    10/10
    discoveryzgratrat

    • Detect ZGRat V2

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Zgrat family

      zgrat

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks