General

  • Target

    a1f8bb5990775f277540eb4c7579695477445afd90262cb819567cc9b3042166

  • Size

    314KB

  • Sample

    240401-h36g7agc7z

  • MD5

    ad997dc4ee32ab469e45009f218175d0

  • SHA1

    17ef145486c494ea9c727972c501471e720887f0

  • SHA256

    a1f8bb5990775f277540eb4c7579695477445afd90262cb819567cc9b3042166

  • SHA512

    727aceb3edd5dfbbbad84e1aef4beb3773313378bd4fa6cd77800d6cf578ba740a5ebc1f3740593071a26daa2cf91e49243fa4ba043d934c8bd936a1526c18d0

  • SSDEEP

    3072:oiPK9mkbyBaKJyPATmiyAnY5o9BrFV0bIBVvBCj4EKK4h75AQ5ii:oCj2yBOiW5o972jEh75F5ii

Score
10/10

Malware Config

Targets

    • Target

      a1f8bb5990775f277540eb4c7579695477445afd90262cb819567cc9b3042166

    • Size

      314KB

    • MD5

      ad997dc4ee32ab469e45009f218175d0

    • SHA1

      17ef145486c494ea9c727972c501471e720887f0

    • SHA256

      a1f8bb5990775f277540eb4c7579695477445afd90262cb819567cc9b3042166

    • SHA512

      727aceb3edd5dfbbbad84e1aef4beb3773313378bd4fa6cd77800d6cf578ba740a5ebc1f3740593071a26daa2cf91e49243fa4ba043d934c8bd936a1526c18d0

    • SSDEEP

      3072:oiPK9mkbyBaKJyPATmiyAnY5o9BrFV0bIBVvBCj4EKK4h75AQ5ii:oCj2yBOiW5o972jEh75F5ii

    Score
    10/10

    • Detect ZGRat V1

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE
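The two behavioural signatures above, the registry lookup of the configured country code and the execution of a file the sample itself wrote, can be reproduced as correlation logic over an API trace. The following is an added example written for this page, not Tria.ge's signature code or anything from the sample: it runs over a constructed, hypothetical event list (`EVENTS`, flat dicts carrying `type`, `pid`, `ppid` and `image`/`path`, loosely modelled on what a sandbox API monitor or Procmon emits), and it assumes that the `Geo\Nation` value under `HKCU\Control Panel\International`, where Windows stores the user's GeoID, is the registry location such a geofence read targets. The function names are this example's own.

```python
"""Added example: behaviour checks over a constructed API-trace event stream.

The event schema is hypothetical (one flat dict per event); it is not the
sandbox's format. HKCU\\Control Panel\\International\\Geo\\Nation holds the
user's GeoID on Windows; reading it as "geofence check" is this example's
interpretation of the report's "Checks computer location settings" signature.
"""
import re

# Match on the tail of the registry path so HKCU, HKEY_CURRENT_USER and
# \REGISTRY\USER\<SID> prefixes all hit.
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$",
                           re.IGNORECASE)

# Constructed sample trace; not taken from the sandbox run on this page.
EVENTS = [
    {"type": "ProcessCreate", "pid": 4012, "ppid": 1200,
     "image": r"C:\Users\lab\Desktop\sample.exe"},
    {"type": "RegQueryValue", "pid": 4012,
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "RegQueryValue", "pid": 4012,
     "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},
    {"type": "FileWrite", "pid": 4012,
     "path": r"C:\Users\lab\AppData\Roaming\Microsoft\svchost.exe"},
    {"type": "FileWrite", "pid": 4012,
     "path": r"C:\Users\lab\AppData\Local\Temp\settings.dat"},
    {"type": "ProcessCreate", "pid": 4100, "ppid": 4012,
     "image": r"C:\Users\lab\AppData\Roaming\Microsoft\svchost.exe"},
    {"type": "ProcessCreate", "pid": 4200, "ppid": 1200,
     "image": r"C:\Windows\System32\notepad.exe"},
]


def find_geo_lookups(events):
    """PIDs that read the user's GeoID (country code) from the registry."""
    return sorted({e["pid"] for e in events
                   if e["type"] == "RegQueryValue"
                   and GEO_NATION_RE.search(e["path"])})


def find_dropped_exe_executions(events):
    """Correlate an .exe written by one process with a later ProcessCreate
    whose image is that same file. Events are assumed to be in time order.
    Returns one record per execution of a dropped binary."""
    dropped = {}   # normalised path -> pid of the process that wrote it
    hits = []
    for e in events:
        if e["type"] == "FileWrite" and e["path"].lower().endswith(".exe"):
            dropped.setdefault(e["path"].lower(), e["pid"])
        elif e["type"] == "ProcessCreate":
            dropper = dropped.get(e["image"].lower())
            if dropper is not None:
                hits.append({"path": e["image"],
                             "dropper_pid": dropper,
                             "exec_pid": e["pid"],
                             # True when the dropper launched it directly
                             "parent_is_dropper": e["ppid"] == dropper})
    return hits


def signature_summary(events):
    """Mirror the two behavioural signatures from the report as booleans."""
    return {
        "Checks computer location settings": bool(find_geo_lookups(events)),
        "Executes dropped EXE": bool(find_dropped_exe_executions(events)),
    }


if __name__ == "__main__":
    for name, hit in signature_summary(EVENTS).items():
        print(f"{'HIT ' if hit else '    '} {name}")
    for h in find_dropped_exe_executions(EVENTS):
        print(f"  {h['path']} written by pid {h['dropper_pid']}, "
              f"executed as pid {h['exec_pid']}")
```

The dropped-EXE check deliberately keys on the file path rather than on the parent PID: a sample that hands the dropped binary to a scheduled task or to explorer.exe still shows up, and the `parent_is_dropper` flag records whether the launch was direct.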

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                      Count  ID
  Execution              Scheduled Task/Job             1      T1053
  Persistence            Scheduled Task/Job             1      T1053
  Privilege Escalation   Scheduled Task/Job             1      T1053
  Discovery              Query Registry                 1      T1012
  Discovery              System Information Discovery   2      T1082
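Every row in the matrix except the two Discovery entries is T1053, Scheduled Task/Job, which on Windows usually means a `schtasks.exe /create` invocation; ATT&CK lists that technique under Execution, Persistence and Privilege Escalation because the same command both runs a binary, survives reboot and can run it as SYSTEM. The example below is added for this page and is not derived from the sandbox's own detection logic: it parses constructed `schtasks` command lines (the `SAMPLE_CMDLINES` list is hypothetical) and flags the combinations a responder cares about. The tokenizer, the "user-writable directory" pattern and the trigger and account heuristics are this example's assumptions.

```python
"""Added example: flag T1053 scheduled-task creation from process command lines.

Sample command lines are constructed. Switch names follow the documented
schtasks /create syntax (/tn, /tr, /sc, /mo, /ru, /f); the heuristics for
what counts as suspicious are this example's own.
"""
import re

SCHTASKS_RE = re.compile(r"(^|\\)schtasks(\.exe)?$", re.IGNORECASE)
# Directories an unprivileged user can write to; a task whose action lives
# here is a persistence hallmark for droppers like the one in this report.
USER_WRITABLE_RE = re.compile(
    r"\\(Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp|Users\\Public)\\",
    re.IGNORECASE)

# Constructed sample command lines (not from the sandbox run).
SAMPLE_CMDLINES = [
    r'"C:\Windows\System32\schtasks.exe" /create /tn "WindowsUpdateCheck" '
    r'/tr "C:\Users\lab\AppData\Roaming\Microsoft\svchost.exe" /sc minute /mo 1 /f',
    r'schtasks /create /tn "\Microsoft\Office\OfficeTelemetry" '
    r'/tr "C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan" /sc daily /st 07:00',
    r'schtasks /query /tn "WindowsUpdateCheck"',
    r'"C:\Windows\System32\svchost.exe" -k netsvcs',
]


def tokenize(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes.
    No backslash escaping: paths keep their backslashes as typed."""
    tokens, cur, in_quote = [], [], False
    for ch in cmdline:
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def parse_schtasks_create(cmdline):
    """Return the /create options as a dict, or None if this is not a
    schtasks /create command line."""
    toks = tokenize(cmdline)
    if not toks or not SCHTASKS_RE.search(toks[0]):
        return None
    low = [t.lower() for t in toks]
    if "/create" not in low:
        return None

    def opt(name):
        # value of a switch is the token that follows it, if any
        try:
            return toks[low.index(name) + 1]
        except (ValueError, IndexError):
            return None

    return {"task": opt("/tn"), "action": opt("/tr"), "schedule": opt("/sc"),
            "modifier": opt("/mo"), "user": opt("/ru"), "force": "/f" in low}


def assess(cmdline):
    """Parse and score one command line; None if it is not a task creation."""
    info = parse_schtasks_create(cmdline)
    if info is None:
        return None
    reasons = []
    if USER_WRITABLE_RE.search(info["action"] or ""):
        reasons.append("action binary in user-writable directory")
    if (info["schedule"] or "").lower() == "minute":
        reasons.append(f"re-runs every {info['modifier'] or '?'} minute(s)")
    if (info["user"] or "").lower() in ("system", "nt authority\\system"):
        reasons.append("runs as SYSTEM (privilege escalation)")
    info["reasons"] = reasons
    info["suspicious"] = bool(reasons)
    return info


def scan(cmdlines):
    """Assess every command line, keeping only schtasks /create hits."""
    return [r for r in (assess(c) for c in cmdlines) if r is not None]


if __name__ == "__main__":
    for r in scan(SAMPLE_CMDLINES):
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{flag:10} task={r['task']!r} action={r['action']!r} "
              f"reasons={r['reasons']}")
```

The tokenizer is deliberately not `shlex`: Windows argument splitting treats backslashes literally, and a POSIX-mode splitter would silently strip them from every path. A task that re-runs every minute from `%APPDATA%` is the combination to escalate on; a daily task pointing into `Program Files` is routine software telemetry and is reported without a reason.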

Tasks