Malware Analysis Report

2024-10-24 17:01

Sample ID 230227-qt4w1adf41
Target 24578aab7ab5caab7b292ead584eae09b0807e22fcb9bbb6bb02ada10d3e3b7c
SHA256 24578aab7ab5caab7b292ead584eae09b0807e22fcb9bbb6bb02ada10d3e3b7c
Tags
hzrat backdoor
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

24578aab7ab5caab7b292ead584eae09b0807e22fcb9bbb6bb02ada10d3e3b7c

Threat Level: Known bad

The file 24578aab7ab5caab7b292ead584eae09b0807e22fcb9bbb6bb02ada10d3e3b7c was found to be: Known bad.

Malicious Activity Summary

hzrat backdoor

Detects HZRAT backdoor

HZRAT

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-02-27 13:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-27 13:34

Reported

2023-02-27 13:36

Platform

win10-20230220-en

Max time kernel

142s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\24578aab7ab5caab7b292ead584eae09b0807e22fcb9bbb6bb02ada10d3e3b7c.exe"

Signatures

Detects HZRAT backdoor

Description Indicator Process Target
N/A N/A N/A N/A

HZRAT

backdoor hzrat

Processes

C:\Users\Admin\AppData\Local\Temp\24578aab7ab5caab7b292ead584eae09b0807e22fcb9bbb6bb02ada10d3e3b7c.exe

"C:\Users\Admin\AppData\Local\Temp\24578aab7ab5caab7b292ead584eae09b0807e22fcb9bbb6bb02ada10d3e3b7c.exe"

Network

Country Destination Domain Proto
N/A 10.4.63.11:8081 tcp
CN 123.182.253.14:10004 tcp
US 104.208.16.90:443 tcp
N/A 10.4.63.11:8081 tcp
CN 123.182.253.14:10004 tcp
N/A 10.4.63.11:8081 tcp
CN 123.182.253.14:10004 tcp
N/A 10.4.63.11:8081 tcp

Files

memory/2008-121-0x0000000000400000-0x00000000004B4000-memory.dmp