Overview

overview

10

Static

static

10

s.bat

windows7_x64

1

s.bat

windows10_x64

10

Resubmissions

04-11-2021 15:43

211104-s5xyyaghf7 10

04-11-2021 15:05

211104-sf9w7sghb7 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    flaw.zip

  • Size

    2KB

  • Sample

    211104-sf9w7sghb7

  • MD5

    eada2200264d2f7049a6565657572411

  • SHA1

    364d2f1616eb714004fe1b3dcc6f45b83e559697

  • SHA256

    89deb42ce8627126769e072cfeee490ec71cb980e311bec2664cc58cd33c4b5f

  • SHA512

    577695e37dc5144c00bf56c4ff75f2e3b5336c8b2720d751459d09e64e5af3a2f6cd6d6b28c398c276c676b1bd5277be9a1665b9d07e2ddc2a157734172d6e11

Score
10/10
cobaltstrikeflawedgraceratreflectivegnomebackdoordownloaderloaderpersistencerattrojan

Malware Config

Targets

    • Target

      s.bat

    • Size

      88B

    • MD5

      d69a52a259d3ed368cb3133745839e8b

    • SHA1

      601a7608e6fc25fee199eed858f97748a308f2ff

    • SHA256

      db4e4564fece5cd02bc4278237b09fe674e91d0f2b73e7f5cfb3a29471f192e7

    • SHA512

      5159241ad07b297e500b83d9874eb001fe149d6819e123d1d32b3364a9f55830539abd98a8256b747054f238c1869560144521a1d6b05970a1e38f63527a9715

    Score
    10/10
    cobaltstrikeflawedgraceratbackdoorloaderpersistencerattrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • FlawedGraceRAT

      FlawedGrace is a full-featured RAT written in C++.

      ratflawedgracerat

    • Registers COM server for autorun

      persistence

    • FlawedGraceRat Backdoor

      Detects FlawedGraceRat x64 backdoor in memory.

      backdoor

    • FlawedGraceRat Loader

      Detects FlawedGraceRat x64 loader in memory.

      loader
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks