Win32[.]GravityRAT[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Win32.GravityRAT.zip
Size

371KB
MD5

3ac1ede478f83cd857b5e4fcd06ef1cc
SHA1

39f3381d551bb4e566519894e898defef77faf7c
SHA256

67b1ab51d145ba14d6dd89e0c52652ffe243ae1e385e6cdc7d59caac9a57279d
SHA512

261b2f764622c7166aeb2a941a517a6568acd8614386273ffed82c230503f28fa7d830147fff6b56a0f077024bd498a89e2aba2023d0c8a2ad0307e68bd85679
SSDEEP

6144:wiHMcDMlsb3Rr3yNE1susk61gdeFo7bzF9alN4ve0cf1mmzAvteXb1Tb+DODhG/6:wiH9bBr3yNENsp1gkobzraHf0cf1rAvq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Win32.GravityRAT.exe

Files

Win32.GravityRAT.zip
.zip

Password: infected
Win32.GravityRAT.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\The Invincible\Desktop\gx\gx-current-program\LSASS\obj\Release\LSASS.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ