Overview

overview

10

Static

static

10

DCRat.exe

windows10-1703-x64

7

data/7zxa.dll

windows10-1703-x64

3

data/DCRAC.exe

windows10-1703-x64

1

data/DCRCC.exe

windows10-1703-x64

3

data/Default.exe

windows10-1703-x64

1

data/NCC2.dll

windows10-1703-x64

1

data/NCC3.dll

windows10-1703-x64

3

data/NCCheck.dll

windows10-1703-x64

1

data/Rar.exe

windows10-1703-x64

3

data/RarExt.dll

windows10-1703-x64

3

data/RarExt64.dll

windows10-1703-x64

3

data/WinCon.exe

windows10-1703-x64

1

data/Zip.exe

windows10-1703-x64

1

data/dnlib.dll

windows10-1703-x64

1

data/dotNE...le.exe

windows10-1703-x64

10

data/dotNE...or.exe

windows10-1703-x64

10

data/enc.vbe

windows10-1703-x64

1

data/upx.exe

windows10-1703-x64

7

data/wRar.exe

windows10-1703-x64

4

lib/L1nc0In 1.jar

windows10-1703-x64

7

lib/L1nc0In 10.jar

windows10-1703-x64

7

lib/L1nc0In 11.jar

windows10-1703-x64

7

lib/L1nc0In 12.jar

windows10-1703-x64

7

lib/L1nc0In 13.jar

windows10-1703-x64

7

lib/L1nc0In 14.jar

windows10-1703-x64

7

lib/L1nc0In 2.jar

windows10-1703-x64

7

lib/L1nc0In 3.jar

windows10-1703-x64

7

lib/L1nc0In 4.jar

windows10-1703-x64

7

lib/L1nc0In 5.jar

windows10-1703-x64

7

lib/L1nc0In 6.jar

windows10-1703-x64

7

lib/L1nc0In 7.jar

windows10-1703-x64

7

plugins/Te...le.dll

windows10-1703-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    195s
  • platform
    windows10-1703_x64
  • resource
    win10-20231025-en
  • resource tags

    arch:x64arch:x86image:win10-20231025-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15/11/2023, 13:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    data/dotNET_Reactor.exe

  • Size

    5.9MB

  • MD5

    bbc5441ecd131f5a98dff8be2ebc5294

  • SHA1

    f90e309443dc760359e69102f366496a53c307d8

  • SHA256

    78684aea83b1a5c402a87ba0ce2e7ad5b0338462cc804e97369203ce53d29834

  • SHA512

    46c553554bbcce6307bf68790edf81d2f5431a9576828a9544d98d670ed49178ccb6c7823578ee151d5c1958ef29dbe909185fa134ac12619e9c724db4e007c5

  • SSDEEP

    49152:WrlboOQElcnBHDghAxhVZNl1PO7uzXqEFSZsvot9YUi+XpZA8/aNUCe0sTK/z1:WBbojBbNTPO7WpFcXw

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\data\dotNET_Reactor.exe
    "C:\Users\Admin\AppData\Local\Temp\data\dotNET_Reactor.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2600

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\SkinSoft\dotNET_Reactor\x86\ssapihook.dll
          Filesize

          68KB

          MD5

          bc6887aa21e7794a2c27e3ffd3dc3ed0

          SHA1

          2b845941c93094d7203553582f69d0c61a9fcee4

          SHA256

          919130e16d33fd58d0370b06b7fb0fc253f5b571fc33ad5c21eb8dafe4760c94

          SHA512

          9e952ae72851ba081809ea5d7a86108b0355f0882bae912e0ecf931fde2e878994142b6c16094473305392981439e49d9a32aa6aaf94edd07238a0ecb787e834

          Download Submit

        • memory/2600-15-0x0000000000030000-0x0000000000031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2600-7-0x00000000060D0000-0x00000000060E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2600-3-0x0000000005EF0000-0x0000000005F82000-memory.dmp

          Filesize

          584KB

          Download

        • memory/2600-4-0x00000000060D0000-0x00000000060E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2600-5-0x00000000060B0000-0x00000000060BA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2600-6-0x0000000009A60000-0x0000000009A7E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/2600-0-0x0000000073A10000-0x00000000740FE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2600-8-0x0000000009BE0000-0x0000000009C08000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2600-1-0x0000000000F40000-0x0000000001538000-memory.dmp

          Filesize

          6.0MB

          Download

        • memory/2600-13-0x0000000000010000-0x0000000000011000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2600-2-0x00000000062E0000-0x00000000067DE000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/2600-14-0x0000000000020000-0x0000000000021000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2600-20-0x0000000000080000-0x0000000000081000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2600-17-0x0000000000050000-0x0000000000051000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2600-18-0x0000000000060000-0x0000000000061000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2600-19-0x0000000000070000-0x0000000000071000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2600-16-0x0000000000040000-0x0000000000041000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2600-21-0x0000000000090000-0x0000000000091000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2600-22-0x000000000A7E0000-0x000000000ACAA000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/2600-25-0x00000000060D0000-0x00000000060E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2600-28-0x0000000073A10000-0x00000000740FE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2600-29-0x00000000060D0000-0x00000000060E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2600-30-0x00000000060D0000-0x00000000060E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2600-31-0x00000000060D0000-0x00000000060E0000-memory.dmp

          Filesize

          64KB

          Download