Behavioral task: behavioral1
Sample: 5e3d4b78a4e8b0ecfec4ffc6d88b149847f769a9e1984e48691d3b19b7931b2aN.dll
Resource: win7-20241023-en

Behavioral task: behavioral2
Sample: 5e3d4b78a4e8b0ecfec4ffc6d88b149847f769a9e1984e48691d3b19b7931b2aN.dll
Resource: win10v2004-20241007-en
General
Target: 5e3d4b78a4e8b0ecfec4ffc6d88b149847f769a9e1984e48691d3b19b7931b2aN.exe
Size: 440KB
MD5: e41a83be36bc6aad3b98ae06f1c33810
SHA1: ea0b51709e1e327074440bae3d91bf91268e2d96
SHA256: 5e3d4b78a4e8b0ecfec4ffc6d88b149847f769a9e1984e48691d3b19b7931b2a
SHA512: dfc5d134f2680986ff78fcd6e2ae97d1f97d7df28907d34e7601fbaefb9b933dd3dc2020e01dfcf0ed3e7ea606dcbb00054bcec0dfc35e9c153bf434dec75f3e
SSDEEP: 12288:xnqTWGJPOTKvPp5zAUWwy3e5Qy2ylggolTArqn1IJ:EP7coQy5lgBlTAr+eJ
Malware Config

Signatures

Flawedgracerat family
resource yara_rule sample flawgrace_bdoor_x64

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5e3d4b78a4e8b0ecfec4ffc6d88b149847f769a9e1984e48691d3b19b7931b2aN.exe

Files
5e3d4b78a4e8b0ecfec4ffc6d88b149847f769a9e1984e48691d3b19b7931b2aN.exe.dll windows:5 windows x64 arch:x64
bb9251824b9d21dcc9c9a3d0ede9e7ee
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_DLL
Imports
ws2_32: htons, inet_addr, socket, getaddrinfo, freeaddrinfo, WSAGetLastError, connect, ioctlsocket, setsockopt, __WSAFDIsSet, closesocket, shutdown, send, recv, getsockopt, WSAStartup, WSACleanup, select
ntdll: RtlVirtualUnwind, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlPcToFileHeader
kernel32: FindNextFileA, FindFirstFileExA, FindClose, HeapReAlloc, LCMapStringW, EncodePointer, GetStringTypeW, GetFileType, LocalFree, GetStdHandle, GetACP, HeapFree, ExitThread, HeapAlloc, GetProcessHeap, GetProcAddress, LoadLibraryW, GetModuleHandleW, WriteFile, CreateFileW, CloseHandle, SetFilePointerEx, FlushFileBuffers, WaitForSingleObject, IsValidCodePage, CreateEventW, GetLastError, GetCurrentProcessId, OutputDebugStringW, GetModuleHandleA, GetNativeSystemInfo, GetTickCount, EnterCriticalSection, ReleaseSemaphore, LeaveCriticalSection, TlsFree, Sleep, SetEvent, CreateThread, ResetEvent, DeleteCriticalSection, CreateSemaphoreW, CompareStringW, MultiByteToWideChar, CompareStringA, WideCharToMultiByte, WaitForMultipleObjects, GetStartupInfoW, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentThreadId, QueryPerformanceCounter, IsProcessorFeaturePresent, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeLibrary, LoadLibraryExW, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, RaiseException, InterlockedFlushSList, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, SetStdHandle, GetConsoleCP, GetConsoleMode, HeapSize, WriteConsoleW, TlsGetValue, TlsSetValue, InitializeCriticalSection, ExitProcess, GetModuleHandleExW, GetModuleFileNameA
advapi32: GetSidSubAuthorityCount, GetSidSubAuthority
oleaut32: VariantClear
Sections
.text Size: 304KB - Virtual size: 302KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 101KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 18KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 14KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gfids Size: 4KB - Virtual size: 232B; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ