General

  • Target

    RubyWave - warface AI.exe

  • Size

    1.7MB

  • Sample

    240506-ncbssaaa6x

  • MD5

    1c57c869d17b810587914329105f2419

  • SHA1

    0fde9cfafacadab5024fb620635bcf3f30327b16

  • SHA256

    a792c75b9d064e82010ed25e4d7d0542278959d3989c4b3187a5885100e11d14

  • SHA512

    0bb106e7210928117d10d9bfc75d46629f9a26b9c52727ae2d9cf243ff8adb1035017b5b4bac7b81d3a81f4c2ac85c817b2b7cd644760d876f9098c5f265fe2d

  • SSDEEP

    24576:2TbBv5rUyXVYGGT0AJ8lFQbLOt5UcaNuMIuw1pLw9JShkvUOFe/B13279F2wGn2V:IBJxa/Wla+UwMnELmRvUHGz5G2PllP9

Score
10/10

Malware Config

Targets

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks