Overview

overview

10

Static

static

10

123.bat

windows10-1703-x64

7

DCRat.exe

windows10-1703-x64

7

data/7zxa.dll

windows10-1703-x64

3

data/DCRAC.exe

windows10-1703-x64

1

data/DCRCC.exe

windows10-1703-x64

3

data/Default.exe

windows10-1703-x64

1

data/NCC2.dll

windows10-1703-x64

1

data/NCC3.dll

windows10-1703-x64

3

data/NCCheck.dll

windows10-1703-x64

1

data/Rar.exe

windows10-1703-x64

3

data/RarExt.dll

windows10-1703-x64

3

data/RarExt64.dll

windows10-1703-x64

3

data/WinCon.exe

windows10-1703-x64

1

data/Zip.exe

windows10-1703-x64

1

data/dnlib.dll

windows10-1703-x64

1

data/dotNE...le.exe

windows10-1703-x64

10

data/dotNE...or.exe

windows10-1703-x64

10

data/enc.vbe

windows10-1703-x64

1

data/upx.exe

windows10-1703-x64

7

data/wRar.exe

windows10-1703-x64

4

lib/IIIlll...lI.jar

windows10-1703-x64

7

lib/IIIlll...lI.jar

windows10-1703-x64

7

lib/IIlIlI...lI.jar

windows10-1703-x64

7

lib/IlIIlI...II.jar

windows10-1703-x64

7

lib/IlIlII...Il.jar

windows10-1703-x64

7

lib/IlIllI...Il.jar

windows10-1703-x64

7

lib/IllIII...II.jar

windows10-1703-x64

7

lib/lIIllI...Il.jar

windows10-1703-x64

7

lib/llIlII...lI.jar

windows10-1703-x64

7

plugins/BS...on.dll

windows10-1703-x64

1

plugins/Bl...in.dll

windows10-1703-x64

1

plugins/Bu...in.dll

windows10-1703-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dcrat (1).rar

  • Size

    43.4MB

  • Sample

    240420-fca79ahe81

  • MD5

    ea1eb993cdbee55bc15c426032e76241

  • SHA1

    bb21ff06c8be4dfba4b5cf7c7aabd71ec1a497a1

  • SHA256

    8bc4d422624113b2af547b64fa7df842b821f189ca4d7bad6e75767fec4a9e59

  • SHA512

    4ad51aa6c4ecc0a3f06e145798577499700a948d1d1182a93bdd3965c21f36be5c03578f0eabb8cff08c532ad5ba238c6b518551ca9098859536f690ca42fa8c

  • SSDEEP

    786432:GDo8c9c682tNlPaiBjqz37ESI1SJIlB8nNXrXjZ62RVF30OSIp:uWb82tNcqj43t+SlJrTZzZnSQ

Score
10/10
zgratdiscoverypersistenceratupx

Malware Config

Targets

    • Target

      123.bat

    • Size

      66B

    • MD5

      572472c7cc450eedfcd8061e7f64eb96

    • SHA1

      6d315e5521592f668dc2899eaa83f2ac9cbe99c4

    • SHA256

      b449f5170c97f7328ce8ff6f2d741c489de4fc9640dcd1a4781349c60f25d934

    • SHA512

      f89b64c7300aa52b1bba95f1a45fb1dcc1ef13ed81bb0e671159120f909bba94a9762de9c78056f1f535e2797efffa689e6e10b73ca3a0997b307361619883b6

    Score
    7/10
    discovery
    behavioral1

    • Target

      DCRat.exe

    • Size

      72KB

    • MD5

      2c7d37e90dd8ab57d06dad5bc7956885

    • SHA1

      da789c107c4c68b8250b6589e45e5a3cf7a9a143

    • SHA256

      5ede5d774ab65f25357cf5a1fa5e354f6f2a9868651a0fa717485802b21b1939

    • SHA512

      e74ae891771bfd9c6fcdfbe8e4f33f0d5f7c3457cd84b257500cdaf8fa8b16fe458a18db9b3a60591465982fc2871f4c3f2e7541c765f00a0516f805e7e9ca0f

    • SSDEEP

      768:P7Zw33FNUf6Nhd/fQ1l+0vM0iT9HvMB90d24:zZ2FWSNhd/4131i89p4

    Score
    7/10
    discovery
    behavioral2

    • Target

      data/7zxa.dll

    • Size

      155KB

    • MD5

      786d4c74c05832a652be5c0a559be1e6

    • SHA1

      56bc5cf0bef56565da871af9e10ac8c2302d2ad7

    • SHA256

      d0680ac62e94f953df031533acd0acb718ad8494f938d84198c655507709e5df

    • SHA512

      29cf07d3acceb716a2e9ec66434170ba7f15c5af3c843253d72be6f7bf1ab942a6e098a423beb33efb9fbf8bb6c967c34d4dedf65aca72984c6aa70c58e0eeb4

    • SSDEEP

      3072:QwBYN3i204AHpzTjaLd4+OTpLcl28hpQplf4btKL6mCF:E3cp3jaLupLc3fclAKmJ

    Score
    3/10
    behavioral3

    • Target

      data/DCRAC.exe

    • Size

      26KB

    • MD5

      8a1a98367fd8cb7aa977403f88152e60

    • SHA1

      cb56f3348ef9b2bb6f38f3ef2b5522e64222b707

    • SHA256

      730fdccacba82f334638c13a284ae2e8462e10382bf55d2a0d35f25b805bdc02

    • SHA512

      a18dd788496c9d34c538cf547cf1bd3aeffd6c452d615a186c05222043b7bde5a03360cc33c9005951ff4bd076b4fecabeaf418b59d3623d604ff7b308d09e83

    • SSDEEP

      768:DZIex9MGyfCCk5L+VUI5SNcGN0KttZZA9BCfNGJkvmNzJhCY2misDfb4oCij:tIegGy6CA+VT

    Score
    1/10
    behavioral4

    • Target

      data/DCRCC.exe

    • Size

      24KB

    • MD5

      7369469d49c34493f1b8a06fc89d9c7f

    • SHA1

      956b5e6933b6c8141fe6aa16d97b15fc0e985e95

    • SHA256

      8f5b38fdde20187e5ab965e60c024b98def9d565ea23f596da4fe13d12e5f5b8

    • SHA512

      1777cc2a5e11115d71b92c5790be558838aed0173a3d7ff288db44674a0b3151026515d74518a960c2467d9be549cd47567123b59330d7684a9b2919b707a1a3

    • SSDEEP

      384:QVkGGnEOjdf9FZiJSi6gi8Yd6aHmcL/QKN+eglriL5nOIj3vFy:tFdf9CJ+F8IG1KGleNB5y

    Score
    3/10
    behavioral5

    • Target

      data/Default.SFX

    • Size

      309KB

    • MD5

      89bf0f7e9adf290c6d571eccf79206a9

    • SHA1

      65f95791234ff93bc3e35f1d35d7a6664872dc56

    • SHA256

      b11ad1adfa96eacf5f18cf87785884947a6d35a1baebf4f20f16402b04d5109f

    • SHA512

      cfa060f8aa79529fe8a4809ed5faec499fd15bcd4fb4a536759890e536ded2ca26e593b1f8b04d94e998b063a9a9b8b6bb53166976a5cd018913819959dbc7d5

    • SSDEEP

      6144:ajT5Zh17eWxoG/+ov/2OIQ4wW3OBsCeAW32X+t4Rb:aRZ+IoG/n9IQxW3OBsee2X+t4Rb

    Score
    1/10
    behavioral6

    • Target

      data/NCC2.dll

    • Size

      13KB

    • MD5

      12e7983a050a5f7f7b501d3cda914248

    • SHA1

      6ce5d9b763fc05dcdfcaea79a62a8352371d749c

    • SHA256

      a0b6bb521e52a99abf5ac1017302da014d37296619078d42d9edf5d86d137f63

    • SHA512

      0b8788c858c35e0f8f56d552518adb71c847240f6d7c199243e046c4c2e2ae32cb035a0bc5098631656c5d7d772be4fdfdc6a4e19e00092fb3eb09044998be97

    • SSDEEP

      192:jKsAWXvf+AxcTC6xFrnT5xoqMSqzqqJocD/HCtVWAc3XTEqx2CvAPhz:9Z/f+XT/xBwqMSqeqqcmUDhKhz

    Score
    1/10
    behavioral7

    • Target

      data/NCC3.dll

    • Size

      72KB

    • MD5

      aa84f91edd922e7b3bb979e663c94f1a

    • SHA1

      da46b9962a6c6cceef38c3e11b8b5bc9c1b536fa

    • SHA256

      38274608d5a4b53ec22f8099f798ba46ce0ed41db65a33dfb3853f0dbf849f6f

    • SHA512

      88392fc77a0300ece306908867be38011530d9eefdf003452ba86d82f2fa4a61c2b27a199f376ac307c095beaa4f52cefcab59c8b28fa187c0bca13f55f2d98b

    • SSDEEP

      1536:a44UF/3qab79HtYDAD5MPEBq9iNv6qfSOBHfVW:a44G3fRMPiuuv6qqOBHfVW

    Score
    3/10
    behavioral8

    • Target

      data/NCCheck.dll

    • Size

      162KB

    • MD5

      569052631a6b80c1c6a336c10c978b02

    • SHA1

      4bc411b19536c90a6ea0917d7d93f3f6560ee6f0

    • SHA256

      c41cd461470ff3c936e225cea37e5190cb06e3cd70a3d76ca8e5d3aceead5493

    • SHA512

      d0e251973a0c6b3fecaa41d9042c7001e4e9e20484fe2ed9ed1ce04a416952054cb010bff6643c0fa093ac60bbe079c11ba0d6f9699224a3db7a56fdbc4f7f69

    • SSDEEP

      3072:iW3Hj+g/SFOANotkow8WZT75Izm04x7RP+iH3D1VIkB5XFu9H:v36gp5tk5Nx1P+iH3D1VIk6

    Score
    1/10
    behavioral9

    • Target

      data/Rar.exe

    • Size

      578KB

    • MD5

      eb24024a8a46c71303e0b18d0e1859f6

    • SHA1

      e0ee47fcd63beb2168da119f061d03b0bd6872ea

    • SHA256

      770d7b5e40ed9b0aff5d0e3fc2ccf9ba10d4925d3441f38b71a35bd26e6e8d98

    • SHA512

      292e3090338ee3443acd8c2bde59506f3f89d62bf8ff0d95067a812a22b17c98fc2aa9439d3dfa16dcfe338070d7b5af3acefb696a267435bf5b19dceef83a2c

    • SSDEEP

      12288:wS6ZrwO87OYWi14874mT77CkIf3kBmiXtRI/+7bHuVV7:wSOrwO87OM14nmT77Ck28mijQ+bHit

    Score
    3/10
    behavioral10

    • Target

      data/RarExt.dll

    • Size

      481KB

    • MD5

      e3e09ba1cca853535cad6900133d819e

    • SHA1

      99865c784613ca201ba8c10d482c9b8c226ce8eb

    • SHA256

      35a21f1aebf8ea0ab9be1814131fec1fa079d91b701e505054b69eccbdfd0732

    • SHA512

      2fc9978796a68cbee3cac7a3fee1f7415cacfa20ff7515e98fb04006a4b20f4002df327473b33c66ca28cf5d2d2bb9d2a25766487deb68916341ceca10663a3a

    • SSDEEP

      6144:qukXSvypOmqIdSGHp+A6NeT5P0XMdHFuodDacXqEk8tZ1mqrt5nJKGgBdUhcX7ee:lkiIdFHpwOF0cdln42qEk4j+Bd3X3um

    Score
    3/10
    behavioral11

    • Target

      data/RarExt64.dll

    • Size

      554KB

    • MD5

      76a5f50d92f543e566b0152e0be1cf9e

    • SHA1

      61db9bb0ffd049cad2bc747f69dff0dc3fc17a28

    • SHA256

      db28575f61b1adc88a28ae51ce3b00226e4974ca60894896e414ea408c6ff9fe

    • SHA512

      c76a09c6cfb9b067eb41afddd1b9bbb111438502f71d6836cbb194ceec865d7478c7f14254684b52d98685232de04f2e1ef35a55946b5993968c81f2e9d050ae

    • SSDEEP

      6144:O2uqTDJ8HTNZ//j3kOhpJcojM1Rz8ot2ybeBwQA7EE9fNaLTxcRRD7cICzdKGgBz:O2ue8HBpJ3M1cybpQcNYLGuqBd3X3uAZ

    Score
    3/10
    behavioral12

    • Target

      data/WinCon.SFX

    • Size

      275KB

    • MD5

      30e207b91721e27d2d30c3f627552a95

    • SHA1

      2fa6368e3d61bdf695e2c878279ad208756a9462

    • SHA256

      ca08ed8423afda4b41757a1f3adf4f855732dc0628fe2ea5d8a96b13f56b9f84

    • SHA512

      fa24eeead49a824952c2973828bbf9662c0f6eb01d9655c03db46454516e50681d3a10df76b3d3963e5672d2383db336db7caea9197f21ac5872acbb8f6a2404

    • SSDEEP

      6144:XaBQtMvy7RHKVxMANkIltkaocp+U/ZrbHUO:XntMOKVxMMkIli1cpdpbHn

    Score
    1/10
    behavioral13

    • Target

      data/Zip.SFX

    • Size

      263KB

    • MD5

      9a2ea4da5eec75298f16ba444d3a98d6

    • SHA1

      f4f790430556e36d418498cd2f3112d04dabf877

    • SHA256

      2293fe261d5c6f5f2a33004b11f068037677b7aa5a6f792031e31555f31f0d69

    • SHA512

      69c86181722d2416c1836c9d24df268ba04704898643d2e741d76d1f1493cd140013c95d8e00ce7a95a280cdd5869769a0fffa2fb0c8dc41bb4c8d8fd69f58f4

    • SSDEEP

      3072:sv/MtM8A6OOodzRMOSgNs2Dsx7Cwbj59HvhaxO6M65ysytvg6VNf0ETA8B9kxpjK:sstlOOo8x7n59Z+zyu65QxpX+t4sP

    Score
    1/10
    behavioral14

    • Target

      data/dnlib.dll

    • Size

      1.1MB

    • MD5

      de0069c4097c987bd30ebe8155a8af35

    • SHA1

      aced007f4d852d7b84c689a92d9c36e24381d375

    • SHA256

      83445595d38a8e33513b33dfc201983af4746e5327c9bed470a6282d91d539b6

    • SHA512

      66c45818e5c555e5250f8250ea704bc4ca32ddb4d5824c852ae5dc0f264b009af73c7c1e0db1b74c14ee6b612608d939386da23b56520cac415cd5a8f60a5502

    • SSDEEP

      24576:m+pL+hwfQvqx+yLjynb1YNzh/CNX7fegPeH3hid3Hc9ZEu5DkU6FPepU1VWv7fo0:sxvCLUJ

    Score
    1/10
    behavioral15

    • Target

      data/dotNET_Reactor.Console.exe

    • Size

      14KB

    • MD5

      0b4dbf61a98f3e34cdd3a1b08a6a4609

    • SHA1

      73587f1f5d040541b230513d22d696513dbd4cf9

    • SHA256

      e817802f166662a7df0b144571354d74b10e34d120f91ae9d84ca3ba925241c6

    • SHA512

      7cca370890e4e245c84507623531b5f54b76ced3e8c6b87cdfc47ed16560b6a0a5cf9e0556075cd0d9266908e445b854114edd69d50870839624589676c0e688

    • SSDEEP

      192:8jY53csvsqHwrHEdSAejbMfDn1Gp78dsKGXOdlWW1ksTkwy:8jEnskskQlm1GRJKGXOdlWW1XTR

    Score
    10/10
    zgratrat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Loads dropped DLL

    behavioral16

    • Target

      data/dotNET_Reactor.exe

    • Size

      5.9MB

    • MD5

      bbc5441ecd131f5a98dff8be2ebc5294

    • SHA1

      f90e309443dc760359e69102f366496a53c307d8

    • SHA256

      78684aea83b1a5c402a87ba0ce2e7ad5b0338462cc804e97369203ce53d29834

    • SHA512

      46c553554bbcce6307bf68790edf81d2f5431a9576828a9544d98d670ed49178ccb6c7823578ee151d5c1958ef29dbe909185fa134ac12619e9c724db4e007c5

    • SSDEEP

      49152:WrlboOQElcnBHDghAxhVZNl1PO7uzXqEFSZsvot9YUi+XpZA8/aNUCe0sTK/z1:WBbojBbNTPO7WpFcXw

    Score
    10/10
    zgratrat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Loads dropped DLL

    behavioral17

    • Target

      data/enc.vbe

    • Size

      692B

    • MD5

      f88125f6eafc7f4805913cf4077b2525

    • SHA1

      404917f27f1522cac77f3433594ccd290957da21

    • SHA256

      5981e508e89c65c445fca892e91b8ec39b1d8563804d0999d963d640aa592444

    • SHA512

      748249fe186892c96971a63b5055738f2b6beb3e49ba950c834de188fd62da4710ad1a5264f8caead6277b327df299d58e76a4ce219fc30fbd0281b9d5a52f54

    Score
    1/10
    behavioral18

    • Target

      data/upx.exe

    • Size

      402KB

    • MD5

      e8b39f250fb67e115e07e9eac5c99708

    • SHA1

      51bf6ab0baa3a4c6f45be46011baa8ccd7ceaf8f

    • SHA256

      d634cde09d1aa1320a1d4c589d35d306f8350129faf225b2bca394128c2c4442

    • SHA512

      37418c8941834c95f59bc026e82002035fcdd7ea217061a217d5ab28f9859f1aacf0e9f213bc5eb27e3f23db8d8817ae88abc3c2ab6a4f45ce3e4ca74c0ce7e8

    • SSDEEP

      12288:eVRYo8O3lmhJ4/f9DbzyYn7gZ7gYESBOY8YsLwxpoS:O8O3BJlgZEczr

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral19

    • Target

      data/wRar.exe

    • Size

      2.4MB

    • MD5

      fd7b28f197668c62d7ab2eb77ad2750d

    • SHA1

      d9c0ec348cf944c7f239e92e1bdb66caaf711895

    • SHA256

      1317d70682bd11e5d320af850d6ecbb5a70c200d626ec7bf69c47566894db515

    • SHA512

      49017ed6caa0ccd00834bca3cd96ef42fc9923e2b6232841680d44e3cb6907dc5cc3c3a8c2aaff8239230755c5dab43a9f9003347cb274d7ff5f0ed06c0c8e61

    • SSDEEP

      49152:AUIjvGfhVhmERhpo2jQttLGNwZ4zNDNui0hBdH3rP:AHj+zdp1iGNNtNuTBpbP

    Score
    4/10
    persistence
    behavioral20

    • Target

      lib/IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllI.jar

    • Size

      2.3MB

    • MD5

      6316f84bc78d40b138dab1adc978ca5d

    • SHA1

      b12ea05331ad89a9b09937367ebc20421f17b9ff

    • SHA256

      d637e3326f87a173abd5f51ac98906a3237b9e511d07d31d6aafcf43f33dac17

    • SHA512

      1cdca01ed9c2bc607207c8c51f4b532f4153e94b3846308332eccae25f9c5fddf8279e3063f44a75dd43d696eab0f9f340f9bf2f3ec805ab0f2f1de5135a426c

    • SSDEEP

      49152:4AMVFST+K4IV+Okq5gza804uttBkBVSHytYziSEI6WoAgdGXL:0FfK4ql5Ivu8kuSEdAgd+L

    Score
    7/10
    discovery
    behavioral21

    • Target

      lib/IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllIIilIl.jar

    • Size

      5.5MB

    • MD5

      f323bd3b1e342a856bf3036453cd01b2

    • SHA1

      a8c48a731c350d1514ddcc6a99738cb93277fe14

    • SHA256

      64bc153889ab341d4ec8e693fafe117651d3b627d1a608dad951f5b030aab26f

    • SHA512

      764e1643f2f0b2a5c64e2fd52b2ed8cb3597469ec7ea2c28c2009c0d0b1f5e1dbbcc12b6cf36e94ae7db53bb9d118cd3d33ad92de0c3e256b751c5085e3489a4

    • SSDEEP

      98304:P6AIWvMbHGfr92I0e+y4VsDcl7oDWdfV5Nxny4f4OrnFxoKl5Yggs4xZ7Br0e5u4:P6vsMCD9SDyW3ZJTLrUPjff

    Score
    7/10
    discovery
    behavioral22

    • Target

      lib/IIlIlIllIIlIIllIIllIIlIIIllIlIlIlIIIIlIlIllIIlIIllIIIIIllIIIIlIIIlIIlIIlIIlIllIIlllIIIllIIIlIIlIllllIllIIIIlIIIlIllllllI.jar

    • Size

      464KB

    • MD5

      7e5e3d6d352025bd7f093c2d7f9b21ab

    • SHA1

      ad9bfc2c3d70c574d34a752c5d0ebcc43a046c57

    • SHA256

      5b37e8ff2850a4cbb02f9f02391e9f07285b4e0667f7e4b2d4515b78e699735a

    • SHA512

      c19c29f8ad8b6beb3eed40ab7dc343468a4ca75d49f1d0d4ea0b4a5cee33f745893fba764d35c8bd157f7842268e0716b1eb4b8b26dcf888fb3b3f4314844aad

    • SSDEEP

      12288:pyfuv+DnikW2IfqFXKzNGNyyRmfD4vCgdiRST:pLWDnid2IfZGAyAfczdig

    Score
    7/10
    discovery
    behavioral23

    • Target

      lib/IlIIlIllllIIIIIlIlllIllIlIlIIIIIlIIIlIlIlllIIllIllIIIIIIlIIlllIIIlIIIlllIIIlllllIlIlIlllllIIlIllIIlIIlIIlIIIlllllllIlIII.jar

    • Size

      19KB

    • MD5

      0a79304556a1289aa9e6213f574f3b08

    • SHA1

      7ee3bde3b1777bf65d4f62ce33295556223a26cd

    • SHA256

      434e57fffc7df0b725c1d95cabafdcdb83858ccb3e5e728a74d3cf33a0ca9c79

    • SHA512

      1560703d0c162d73c99cef9e8ddc050362e45209cc8dea6a34a49e2b6f99aae462eae27ba026bdb29433952b6696896bb96998a0f6ac0a3c1dbbb2f6ebc26a7e

    • SSDEEP

      384:dti5BMxSo4LgAAsJilYcmwPbEM0Av7wGkJXbhS1OaVKD6U2:DqoCgqyIMZwRJLQO5eU2

    Score
    7/10
    discovery
    behavioral24

    • Target

      lib/IlIlIIIIIIIlIlllllllIllIIlIIllIllllIIIlIIIlIlIIlIIlIIlIllIlllIlIlIIllIIlIIIIIIIlIIIIIIIIIlIlllIIllIlIIlIIIlIlIlllIIIIIIl.jar

    • Size

      250KB

    • MD5

      fe734f7ab030363362fe3d3ba5e8f913

    • SHA1

      2e9d54e3b410557c51c3ea101d66efbb5266b80a

    • SHA256

      03ead999502aefbf1380bd2e9c4a407acb7a92a7b2fe61f6995aba3fca85efd4

    • SHA512

      303ecea5f3f1130f473cde0d78270090290b6f13311bf7459282257ac3097b2b6086db461183f2d8c97a9101372155bf59bbfa12a74925136d0a2a615b648b2a

    • SSDEEP

      6144:N9O6oWKMhMhoC6S2eHrZdN6crK6Kj5HX0zrwvZC:bKy0Pj2eHFdNlrK5HkQvZC

    Score
    7/10
    discovery
    behavioral25

    • Target

      lib/IlIllIIllllllllIlIIlllllIIIIllIIIlIIlllIIllIIllllIIllIlIIIlIIIIlIIIIIlllllllIllIIlIlIllIIlIlIlIIllIlIllIIIlIIIIlIllIIIIl.jar

    • Size

      688KB

    • MD5

      6696368a09c7f8fed4ea92c4e5238cee

    • SHA1

      f89c282e557d1207afd7158b82721c3d425736a7

    • SHA256

      c25d7a7b8f0715729bccb817e345f0fdd668dd4799c8dab1a4db3d6a37e7e3e4

    • SHA512

      0ab24f07f956e3cdcd9d09c3aa4677ff60b70d7a48e7179a02e4ff9c0d2c7a1fc51624c3c8a5d892644e9f36f84f7aaf4aa6d2c9e1c291c88b3cff7568d54f76

    • SSDEEP

      12288:sSn9gd/GXLtKb+Ozu5idmEfcHOPJZ7bw1kXn0yZLJZsDDpJSWB5qSEhQ:sMw/GXUb+euCVIOxRQIZOnuK

    Score
    7/10
    discovery
    behavioral26

    • Target

      lib/IllIIIIllIlIIIIlIlIllIIlIIllIIlIllIIlllllIlllIllIlIIlIIlllIIlIlIlIllIllIIlIIIlIIIllIIIIIllIIlllllIlIIIIIlIIIIIIIIIIIIlII.jar

    • Size

      226KB

    • MD5

      5134a2350f58890ffb9db0b40047195d

    • SHA1

      751f548c85fa49f330cecbb1875893f971b33c4e

    • SHA256

      2d43eb5ea9e133d2ee2405cc14f5ee08951b8361302fdd93494a3a997b508d32

    • SHA512

      c3cdaf66a99e6336abc80ff23374f6b62ac95ab2ae874c9075805e91d849b18e3f620cc202b4978fc92b73d98de96089c8714b1dd096b2ae1958cfa085715f7a

    • SSDEEP

      3072:2DiL6hR+wm60gqZjJhqo2M04r7bv1XMrMxw1rl1rwj+Bmd6dYBmkW1eIjEmFdbl6:bq0jSi2Qi1B1Cay6dYBUwmPxLe3

    Score
    7/10
    discovery
    behavioral27

    • Target

      lib/lIIllIIlIlllIlIlllIlIIlIIIlllllIIlIlIIllIllIlIlllIlIIlIlIlIIllIlIIIIIllIIlIIlIIlIIllIIIlIIllIlIIIIlIlIIlIIlIllIIlIIlIlIl.jar

    • Size

      50KB

    • MD5

      d093f94c050d5900795de8149cb84817

    • SHA1

      54058dda5c9e66a22074590072c8a48559bba1fb

    • SHA256

      4bec0794a0d69debe2f955bf495ea7c0858ad84cb0d2d549cacb82e70c060cba

    • SHA512

      3faaa415fba5745298981014d0042e8e01850fccaac22f92469765fd8c56b920da877ff3138a629242d9c52e270e7e2ce89e7c69f6902859f48ea0359842e2fb

    • SSDEEP

      1536:1shuTqhiMtf/2PXkXgjYcO1556i/canPH1y3F95grf5CjdKBfn602ZhqsNgsSJ+y:nw1pywCjUfnX

    Score
    7/10
    discovery
    behavioral28

    • Target

      lib/llIlIIIIlIlIlllllIlIIllllIIIlIlIllllIIllllIlllIIlllllIIlIlllIIIIIIlIIllIIIlIlIlllIlIIIlIIIIIllIlllIlllIIllIIllIlIlIIlllI.jar

    • Size

      16KB

    • MD5

      fde38932b12fc063451af6613d4470cc

    • SHA1

      bc08c114681a3afc05fb8c0470776c3eae2eefeb

    • SHA256

      9967ea3c3d1aee8db5a723f714fba38d2fc26d8553435ab0e1d4e123cd211830

    • SHA512

      0f211f81101ced5fff466f2aab0e6c807bb18b23bc4928fe664c60653c99fa81b34edf5835fcc3affb34b0df1fa61c73a621df41355e4d82131f94fcc0b0e839

    • SSDEEP

      384:fSw3uFslDvQGOoqdoUFKgvXj9jmHo5+FejOcEDffWPvy:KwJlrQGOdoUFKgvTmn6y

    Score
    7/10
    discovery
    behavioral29

    • Target

      plugins/BSoDProtection/BSoDProtection.dclib

    • Size

      4KB

    • MD5

      01cf1216e05db01045b380567ad7c7ba

    • SHA1

      fbf1d18116ff87486b10c8b30ff97a54e35d1844

    • SHA256

      90fe1282ed598989f4f8840fb0c96da33051227c1ec58df89ce9149234fb9e77

    • SHA512

      e581811c6673e530ee36e4cffec32e2b145b5a4f4b6d0b6b09bee56ea1e0e5c09f886590cfd19e2e593151e67dbff018e957ee5cb8d408abc97fa9a1ba61ef7c

    Score
    1/10
    behavioral30

    • Target

      plugins/BlockInputPlugin/BlockInputPlugin.dclib

    • Size

      4KB

    • MD5

      0ff4a0fdd4f59394ce4f2348c2cb56be

    • SHA1

      cf38b28aa4e40a39d50bb8f83135d8a4bac476ed

    • SHA256

      42b00dfff36a087a0e7b96741ba7894477adc079685793781131084d8f258d12

    • SHA512

      a2298f3b40e6ded764f5ca674c035e78d03028c90f6c4045a4370fa16a98a547c58f850f8565d4cef555554790a2f6e4c752cd305945948ec0dc3fb2c80531b4

    Score
    1/10
    behavioral31

    • Target

      plugins/BuildInstallationTweaksPlugin/BuildInstallationTweaksPlugin.dclib

    • Size

      38KB

    • MD5

      1c5de1530b5a4c9f0c558262beaea37f

    • SHA1

      c27d79a882cc85a90080d9e0857d756dac8f5b92

    • SHA256

      b8f2297493ec805c84a38dce4ed667c9c7c8602dab506bbaff62b03a20f5ad58

    • SHA512

      7abec00227e01b9e941c5b381db53a26920c3719c14db37a1cc78457bc1bf3886ad589aeb35bc229d9b444cb5738a82a79136353139de95a5d0d4353e8feb398

    • SSDEEP

      768:qlSqQtGp4OeYWl/3b0nc2cKrBj+4Ga54qPxIdvlQLqKFj1CZLTAV3zD0R2gyIY3:qlSlGpzeYc/otG3qPxIJmWKFj1CZLTA/

    Score
    1/10
    behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

File and Directory Permissions Modification

11
T1222

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

upxzgrat
Score
10/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

Score
3/10

behavioral4

Score
1/10

behavioral5

Score
3/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

zgratrat
Score
10/10

behavioral17

zgratrat
Score
10/10

behavioral18

Score
1/10

behavioral19

upx
Score
7/10

behavioral20

persistence
Score
4/10

behavioral21

discovery
Score
7/10

behavioral22

discovery
Score
7/10

behavioral23

discovery
Score
7/10

behavioral24

discovery
Score
7/10

behavioral25

discovery
Score
7/10

behavioral26

discovery
Score
7/10

behavioral27

discovery
Score
7/10

behavioral28

discovery
Score
7/10

behavioral29

discovery
Score
7/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10