Overview

overview

10

Static

static

7

QZK RAT Fr...er.dll

windows10-2004-x64

1

QZK RAT Fr...ll.xml

windows10-2004-x64

1

QZK RAT Fr...er.dll

windows10-2004-x64

1

QZK RAT Fr...es.dll

windows10-2004-x64

1

QZK RAT Fr...ng.dll

windows10-2004-x64

1

QZK RAT Fr...us.dll

windows10-2004-x64

1

QZK RAT Fr...ox.dll

windows10-2004-x64

1

QZK RAT Fr...er.bat

windows10-2004-x64

1

QZK RAT Fr...rp.dll

windows10-2004-x64

1

QZK RAT Fr...re.dll

windows10-2004-x64

1

QZK RAT Fr...ms.dll

windows10-2004-x64

1

QZK RAT Fr...UI.dll

windows10-2004-x64

1

QZK RAT Fr...I2.dll

windows10-2004-x64

1

QZK RAT Fr...ry.dll

windows10-2004-x64

1

QZK RAT Fr...ry.dll

windows10-2004-x64

1

QZK RAT Fr...VB.dll

windows10-2004-x64

1

QZK RAT Fr...or.dll

windows10-2004-x64

1

QZK RAT Fr...am.dll

windows10-2004-x64

1

QZK RAT Fr...io.dll

windows10-2004-x64

1

QZK RAT Fr...ip.dll

windows10-2004-x64

10

QZK RAT Fr...ws.dll

windows10-2004-x64

5

QZK RAT Fr...ne.dll

windows10-2004-x64

1

QZK RAT Fr...AC.dll

windows10-2004-x64

1

QZK RAT Fr...en.dll

windows10-2004-x64

1

QZK RAT Fr...ks.dll

windows10-2004-x64

1

QZK RAT Fr...at.dll

windows10-2004-x64

1

QZK RAT Fr...um.dll

windows10-2004-x64

1

QZK RAT Fr...AT.exe

windows10-2004-x64

7

QZK RAT Fr...rs.dll

windows10-2004-x64

1

QZK RAT Fr...fe.dll

windows10-2004-x64

1

QZK RAT Fr...ib.dll

windows10-2004-x64

1

Resubmissions

21-11-2023 21:25

231121-z9p78agf85 10

16-04-2023 14:14

230416-rj2vbsca6z 10

Analysis

  • max time kernel
    156s
  • max time network
    179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-04-2023 14:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QZK RAT Free/QZK RAT.exe

  • Size

    11.6MB

  • MD5

    ffbea3a298fb6de9a6ef389013c9e5f6

  • SHA1

    036bd7355eeb62444a1a957c637f589e97a882a3

  • SHA256

    c62b713747d6cff351f1088346caeb4799aa5718bbf073c37f58011e9abc99c7

  • SHA512

    00e63fd8762e21327813372c10c2d7581fa6a60dbc3c85d078d6a19d63bc20bc7ea6a937823edc97da013f7de0ffb4144db258ac184b334de7eff57fc67d2b78

  • SSDEEP

    196608:/ywGVHA2ZsdFSWnMYmvp7djurW1yNd3HUFxDSWSccMiIIiKIRM7ebK4ht3PYuz0R:awwHBZsSWep7JIX3HUFxOZMiIIiKIRMz

Score
7/10
agilenet

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\QZK RAT Free\QZK RAT.exe
    "C:\Users\Admin\AppData\Local\Temp\QZK RAT Free\QZK RAT.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:1604
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x39c 0x388
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\566d2768-bf44-46b0-af8b-8d0930639f04\GunaDotNetRT.dll
    Filesize

    136KB

    MD5

    9af5eb006bb0bab7f226272d82c896c7

    SHA1

    c2a5bb42a5f08f4dc821be374b700652262308f0

    SHA256

    77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

    SHA512

    7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\566d2768-bf44-46b0-af8b-8d0930639f04\GunaDotNetRT.dll
    Filesize

    136KB

    MD5

    9af5eb006bb0bab7f226272d82c896c7

    SHA1

    c2a5bb42a5f08f4dc821be374b700652262308f0

    SHA256

    77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

    SHA512

    7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

    Download Submit
  • memory/1604-156-0x00000000071F0000-0x0000000007200000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1604-138-0x0000000007550000-0x0000000007AF4000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/1604-133-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-157-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-139-0x0000000006FA0000-0x0000000007032000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1604-140-0x00000000042B0000-0x00000000042BA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/1604-141-0x0000000007040000-0x0000000007096000-memory.dmp
    Filesize

    344KB

    Download
  • memory/1604-142-0x00000000071F0000-0x0000000007200000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1604-143-0x0000000007200000-0x00000000072BC000-memory.dmp
    Filesize

    752KB

    Download
  • memory/1604-144-0x0000000008150000-0x000000000839C000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/1604-135-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-134-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-152-0x0000000072DF0000-0x0000000072E79000-memory.dmp
    Filesize

    548KB

    Download
  • memory/1604-153-0x00000000711F0000-0x0000000071227000-memory.dmp
    Filesize

    220KB

    Download
  • memory/1604-154-0x00000000071F0000-0x0000000007200000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1604-155-0x00000000071F0000-0x0000000007200000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1604-137-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-158-0x00000000071F0000-0x0000000007200000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1604-136-0x0000000006F00000-0x0000000006F9C000-memory.dmp
    Filesize

    624KB

    Download
  • memory/1604-159-0x00000000071F0000-0x0000000007200000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1604-160-0x00000000711F0000-0x0000000071227000-memory.dmp
    Filesize

    220KB

    Download
  • memory/1604-161-0x00000000071F0000-0x0000000007200000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1604-162-0x00000000071F0000-0x0000000007200000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1604-163-0x00000000071F0000-0x0000000007200000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1604-165-0x00000000071F0000-0x0000000007200000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1604-166-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-167-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-168-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-169-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-170-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-171-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-172-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-173-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-174-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-175-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download
  • memory/1604-176-0x0000000000160000-0x00000000014D2000-memory.dmp
    Filesize

    19.4MB

    Download