MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55af1ee79176f2503dc6cee5464344e6bbcaa4e37b4ae7217922c8e56ec395cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


zgRAT


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55af1ee79176f2503dc6cee5464344e6bbcaa4e37b4ae7217922c8e56ec395cf
SHA3-384 hash: 9e64a393b4fcd2b22dfffcb4650e6ba6e1da691edfd3904d29ffa8a4f97e9aad4fdc0732fc33d2eb3fe50a1705eb162c
SHA1 hash: ade74d0abac77203629b81513a739f11b39a52ef
MD5 hash: 5361a2f1d174599ebc5b6cc31daf86f2
humanhash: fish-lemon-september-maine
File name:SecuriteInfo.com.Trojan.Inject4.41405.32271.2476
Download: download sample
Signature zgRAT
Create hunting rule
File size:2'737'664 bytes
First seen:2022-08-31 13:37:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 49152:j8ASxr7FEi5LbunhHpj5G3FVhIdag5SNHeGJWrz:jTSt7FEGnCdpj5G3FVq18gGJ
TLSH T1ABC5C052AAE05933DDF869BD073F87F5975D090E012CE62D1164AA387DEC1AC3A05FE8
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon d2de8f9c9e9ad818 (6 x AsyncRAT, 2 x QuasarRAT, 1 x OrcusRAT)
Reporter SecuriteInfoCom
Tags:exe zgRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
260
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://raw.githubusercontent.com/sebbixr/Fortnite-Esp-Aimbot-Exploits-Hwid-Spoofer-Cleaner-Hack-Cheat/main/Fortnite%20Esp%20Aimbot%20Exploits%20Hwid%20Spoofer%20Cleaner%20Hack%20Cheat/Fortnite%20Internal%20Esp%20AIm%20Clean%20Full%E2%80%AEnls..scr
Verdict:
Suspicious activity
Analysis date:
2022-08-28 04:29:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4d554a04-a94f-4278-90d7-0b1d85ea151d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
zgRAT
Create hunting rule
Link:
https://www.capesandbox.com/analysis/306861/
Detection(s):
SecuriteInfo.com.Trojan.Inject4.41405.32271.2476.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/630f644f59c0157606bb5ba8/reports/501492e8-7e82-4ea2-99ee-fca6354531fc/overview
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1061735
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55af1ee79176f2503dc6cee5464344e6bbcaa4e37b4ae7217922c8e56ec395cf/
Threat name:
ByteCode-MSIL.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2022-08-27 18:08:51 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
3
AV detection:
13 of 26 (50.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kwxr5z4ro3zfapogz3sumq2e4254vjhdpnfooilzeleok3wdsxhq._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/220831-qwvq4sgfe6/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Legitimate hosting services abused for malware hosting/C2
Modifies WinLogon for persistence
Unpacked files
SH256 hash:
55af1ee79176f2503dc6cee5464344e6bbcaa4e37b4ae7217922c8e56ec395cf
MD5 hash:
5361a2f1d174599ebc5b6cc31daf86f2
SHA1 hash:
ade74d0abac77203629b81513a739f11b39a52ef
Link:
https://www.unpac.me/results/656beb69-0586-4ed5-b0f6-2abc49c04d59/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/55af1ee79176f2503dc6cee5464344e6bbcaa4e37b4ae7217922c8e56ec395cf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zgRAT

Executable exe 55af1ee79176f2503dc6cee5464344e6bbcaa4e37b4ae7217922c8e56ec395cf

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2286588/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/306861/

Comments