Overview

overview

10

Static

static

10

dcrat/123.bat

windows7-x64

10

dcrat/123.bat

windows10-2004-x64

10

dcrat/DCRat.exe

windows7-x64

10

dcrat/DCRat.exe

windows10-2004-x64

10

dcrat/data/7zxa.dll

windows7-x64

3

dcrat/data/7zxa.dll

windows10-2004-x64

3

dcrat/data/DCRAC.exe

windows7-x64

1

dcrat/data/DCRAC.exe

windows10-2004-x64

1

dcrat/data/DCRCC.exe

windows7-x64

3

dcrat/data/DCRCC.exe

windows10-2004-x64

3

dcrat/data...lt.exe

windows7-x64

1

dcrat/data...lt.exe

windows10-2004-x64

1

dcrat/data/NCC2.dll

windows7-x64

1

dcrat/data/NCC2.dll

windows10-2004-x64

1

dcrat/data/NCC3.dll

windows7-x64

3

dcrat/data/NCC3.dll

windows10-2004-x64

3

dcrat/data...ck.dll

windows7-x64

1

dcrat/data...ck.dll

windows10-2004-x64

1

dcrat/data/Rar.exe

windows7-x64

3

dcrat/data/Rar.exe

windows10-2004-x64

3

dcrat/data/RarExt.dll

windows7-x64

1

dcrat/data/RarExt.dll

windows10-2004-x64

3

dcrat/data...64.dll

windows7-x64

1

dcrat/data...64.dll

windows10-2004-x64

1

dcrat/data/WinCon.exe

windows7-x64

1

dcrat/data/WinCon.exe

windows10-2004-x64

1

dcrat/data/Zip.exe

windows7-x64

1

dcrat/data/Zip.exe

windows10-2004-x64

1

dcrat/data/dnlib.dll

windows7-x64

1

dcrat/data/dnlib.dll

windows10-2004-x64

1

dcrat/data...le.exe

windows7-x64

10

dcrat/data...le.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02-03-2024 20:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dcrat/data/dotNET_Reactor.Console.exe

  • Size

    14KB

  • MD5

    0b4dbf61a98f3e34cdd3a1b08a6a4609

  • SHA1

    73587f1f5d040541b230513d22d696513dbd4cf9

  • SHA256

    e817802f166662a7df0b144571354d74b10e34d120f91ae9d84ca3ba925241c6

  • SHA512

    7cca370890e4e245c84507623531b5f54b76ced3e8c6b87cdfc47ed16560b6a0a5cf9e0556075cd0d9266908e445b854114edd69d50870839624589676c0e688

  • SSDEEP

    192:8jY53csvsqHwrHEdSAejbMfDn1Gp78dsKGXOdlWW1ksTkwy:8jEnskskQlm1GRJKGXOdlWW1XTR

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcrat\data\dotNET_Reactor.Console.exe
    "C:\Users\Admin\AppData\Local\Temp\dcrat\data\dotNET_Reactor.Console.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Users\Admin\AppData\Local\Temp\dcrat\data\dotNET_Reactor.exe
      "C:\Users\Admin\AppData\Local\Temp\dcrat\data\dotNET_Reactor.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\SkinSoft\dotNET_Reactor\x86\ssapihook.dll
    Filesize

    68KB

    MD5

    bc6887aa21e7794a2c27e3ffd3dc3ed0

    SHA1

    2b845941c93094d7203553582f69d0c61a9fcee4

    SHA256

    919130e16d33fd58d0370b06b7fb0fc253f5b571fc33ad5c21eb8dafe4760c94

    SHA512

    9e952ae72851ba081809ea5d7a86108b0355f0882bae912e0ecf931fde2e878994142b6c16094473305392981439e49d9a32aa6aaf94edd07238a0ecb787e834

    Download Submit

  • memory/2208-12-0x0000000004F90000-0x0000000004F91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-16-0x0000000005AF0000-0x0000000005AF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-3-0x00000000013B0000-0x00000000019A8000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2208-4-0x0000000000C00000-0x0000000000C40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-5-0x0000000000C00000-0x0000000000C40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-6-0x0000000004DB0000-0x0000000004DD8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2208-11-0x0000000004F80000-0x0000000004F81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-13-0x00000000050A0000-0x00000000050A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-26-0x0000000000C00000-0x0000000000C40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-25-0x00000000745B0000-0x0000000074C9E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2208-10-0x00000000013A0000-0x00000000013A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-14-0x0000000005AD0000-0x0000000005AD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-15-0x0000000005AE0000-0x0000000005AE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-2-0x00000000745B0000-0x0000000074C9E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2208-17-0x0000000005B00000-0x0000000005B01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-18-0x0000000005B10000-0x0000000005B11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-21-0x0000000000C00000-0x0000000000C40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2884-0-0x0000000001010000-0x000000000101A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2884-24-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2884-1-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

    Filesize

    9.9MB

    Download