Resubmissions

04-11-2021 13:49

211104-q4vfbadhbp 10

09-10-2021 19:28

211009-x63yssfdep 10

Analysis

  • max time kernel
    117s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    04-11-2021 13:49

General

  • Target

    host64_sh.bin.dll

  • Size

    1.1MB

  • MD5

    be7c98b47dfcd2cdec6c22c672294490

  • SHA1

    39d2c5d3b7ed452ba46782f07e909f0f3046adb3

  • SHA256

    683310846a896f941b253ab2a2de45f4311948d0eddba63d9076a5ee0d2e7c6d

  • SHA512

    c56dab163b7c4f0427c3d28cf91fbba7bf736b2ea67cd1b7806946492e9907b1c1241e7faa5370d9dcd792b70bf6cf82cafec9a6084d694bf767d8b41b273786

Malware Config

Signatures

  • FlawedGraceRAT

    FlawedGrace is a full-featured RAT written in C++.

  • FlawedGraceRat Loader 1 IoCs

    Detects FlawedGraceRat x64 loader in memory.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\host64_sh.bin.dll,#1
    1⤵
      PID:1936

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1936-54-0x0000000001D60000-0x0000000001E7B000-memory.dmp

      Filesize

      1.1MB