Overview

overview

10

Static

static

10

VenomCrypt...ib.dll

windows7-x64

1

VenomCrypt...ib.dll

windows10-2004-x64

1

VenomCrypt...or.exe

windows7-x64

10

VenomCrypt...or.exe

windows10-2004-x64

10

VenomCrypt...er.exe

windows7-x64

1

VenomCrypt...er.exe

windows10-2004-x64

1

VenomCrypt...I2.dll

windows7-x64

1

VenomCrypt...I2.dll

windows10-2004-x64

1

VenomCrypt...or.dll

windows7-x64

1

VenomCrypt...or.dll

windows10-2004-x64

1

VenomCrypt...er.exe

windows7-x64

10

VenomCrypt...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    101s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-12-2023 13:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VenomCrypter/Core/dotnetreactor.exe

  • Size

    14.3MB

  • MD5

    44b10b3b38df861e83d7fe0c06414bcd

  • SHA1

    fc94d4422602455e01442855c8f35164ef97412d

  • SHA256

    0133f4878d4441dad5c153b83b2cb70b510ff089814820cbfb4e88df31564c8e

  • SHA512

    00ee844a109cc603c1308b13d4c64a71b076fec41d60f47952f333f1db3c03c389b159c0b13a39f5a4ceefdd1a5212d01c8e5e55db4bdbb8e860788087db4288

  • SSDEEP

    196608:fk0F23nFoQ5RPoE72XoQZpChJwa/ThljpYvAksm8jb5HcT6Z:dQ3nFJQE74kpThbpM8JB

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Processes

  • C:\Users\Admin\AppData\Local\Temp\VenomCrypter\Core\dotnetreactor.exe
    "C:\Users\Admin\AppData\Local\Temp\VenomCrypter\Core\dotnetreactor.exe"
    1⤵
      PID:1816

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1816-0-0x0000000074CB0000-0x0000000075460000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1816-1-0x0000000000970000-0x00000000017C8000-memory.dmp

      Filesize

      14.3MB

      Download

    • memory/1816-2-0x0000000006180000-0x0000000006190000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1816-3-0x00000000068A0000-0x0000000006E44000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1816-4-0x00000000063E0000-0x0000000006446000-memory.dmp

      Filesize

      408KB

      Download

    • memory/1816-5-0x00000000071F0000-0x0000000007282000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1816-6-0x000000000B040000-0x000000000B048000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1816-7-0x0000000006180000-0x0000000006190000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1816-8-0x000000000B4D0000-0x000000000B508000-memory.dmp

      Filesize

      224KB

      Download

    • memory/1816-9-0x000000000B4A0000-0x000000000B4AE000-memory.dmp

      Filesize

      56KB

      Download

    • memory/1816-10-0x000000000C590000-0x000000000C5D0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1816-15-0x0000000074CB0000-0x0000000075460000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1816-16-0x0000000006180000-0x0000000006190000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1816-17-0x0000000006180000-0x0000000006190000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1816-18-0x0000000006180000-0x0000000006190000-memory.dmp

      Filesize

      64KB

      Download