Overview

overview

10

Static

static

10

dcrat/123.bat

windows7-x64

10

dcrat/123.bat

windows10-2004-x64

10

dcrat/DCRat.exe

windows7-x64

10

dcrat/DCRat.exe

windows10-2004-x64

10

dcrat/data/7zxa.dll

windows7-x64

3

dcrat/data/7zxa.dll

windows10-2004-x64

3

dcrat/data/DCRAC.exe

windows7-x64

1

dcrat/data/DCRAC.exe

windows10-2004-x64

1

dcrat/data/DCRCC.exe

windows7-x64

3

dcrat/data/DCRCC.exe

windows10-2004-x64

3

dcrat/data...lt.exe

windows7-x64

1

dcrat/data...lt.exe

windows10-2004-x64

1

dcrat/data/NCC2.dll

windows7-x64

1

dcrat/data/NCC2.dll

windows10-2004-x64

1

dcrat/data/NCC3.dll

windows7-x64

3

dcrat/data/NCC3.dll

windows10-2004-x64

3

dcrat/data...ck.dll

windows7-x64

1

dcrat/data...ck.dll

windows10-2004-x64

1

dcrat/data/Rar.exe

windows7-x64

3

dcrat/data/Rar.exe

windows10-2004-x64

3

dcrat/data/RarExt.dll

windows7-x64

1

dcrat/data/RarExt.dll

windows10-2004-x64

3

dcrat/data...64.dll

windows7-x64

1

dcrat/data...64.dll

windows10-2004-x64

1

dcrat/data/WinCon.exe

windows7-x64

1

dcrat/data/WinCon.exe

windows10-2004-x64

1

dcrat/data/Zip.exe

windows7-x64

1

dcrat/data/Zip.exe

windows10-2004-x64

1

dcrat/data/dnlib.dll

windows7-x64

1

dcrat/data/dnlib.dll

windows10-2004-x64

1

dcrat/data...le.exe

windows7-x64

10

dcrat/data...le.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02/03/2024, 20:51 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dcrat/data/dotNET_Reactor.Console.exe

  • Size

    14KB

  • MD5

    0b4dbf61a98f3e34cdd3a1b08a6a4609

  • SHA1

    73587f1f5d040541b230513d22d696513dbd4cf9

  • SHA256

    e817802f166662a7df0b144571354d74b10e34d120f91ae9d84ca3ba925241c6

  • SHA512

    7cca370890e4e245c84507623531b5f54b76ced3e8c6b87cdfc47ed16560b6a0a5cf9e0556075cd0d9266908e445b854114edd69d50870839624589676c0e688

  • SSDEEP

    192:8jY53csvsqHwrHEdSAejbMfDn1Gp78dsKGXOdlWW1ksTkwy:8jEnskskQlm1GRJKGXOdlWW1XTR

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcrat\data\dotNET_Reactor.Console.exe
    "C:\Users\Admin\AppData\Local\Temp\dcrat\data\dotNET_Reactor.Console.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Users\Admin\AppData\Local\Temp\dcrat\data\dotNET_Reactor.exe
      "C:\Users\Admin\AppData\Local\Temp\dcrat\data\dotNET_Reactor.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\SkinSoft\dotNET_Reactor\x86\ssapihook.dll
    Filesize

    68KB

    MD5

    bc6887aa21e7794a2c27e3ffd3dc3ed0

    SHA1

    2b845941c93094d7203553582f69d0c61a9fcee4

    SHA256

    919130e16d33fd58d0370b06b7fb0fc253f5b571fc33ad5c21eb8dafe4760c94

    SHA512

    9e952ae72851ba081809ea5d7a86108b0355f0882bae912e0ecf931fde2e878994142b6c16094473305392981439e49d9a32aa6aaf94edd07238a0ecb787e834

    Download Submit

  • memory/2208-12-0x0000000004F90000-0x0000000004F91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-2-0x00000000745B0000-0x0000000074C9E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2208-3-0x00000000013B0000-0x00000000019A8000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2208-4-0x0000000000C00000-0x0000000000C40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-5-0x0000000000C00000-0x0000000000C40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-6-0x0000000004DB0000-0x0000000004DD8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2208-26-0x0000000000C00000-0x0000000000C40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-10-0x00000000013A0000-0x00000000013A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-25-0x00000000745B0000-0x0000000074C9E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2208-11-0x0000000004F80000-0x0000000004F81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-15-0x0000000005AE0000-0x0000000005AE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-14-0x0000000005AD0000-0x0000000005AD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-13-0x00000000050A0000-0x00000000050A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-16-0x0000000005AF0000-0x0000000005AF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-17-0x0000000005B00000-0x0000000005B01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-18-0x0000000005B10000-0x0000000005B11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-21-0x0000000000C00000-0x0000000000C40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2884-24-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2884-0-0x0000000001010000-0x000000000101A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2884-1-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

    Filesize

    9.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.