flawedgracerat | acfe65cf08cb8b8239b27d762f68f6602210b686cd88438a24f6c77d8524ff46 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-03-22...uk.exe

windows7-x64

2025-03-22...uk.exe

windows10-2004-x64

Sharing

General

Target

2025-03-22_b2a31ff4048cc5c9ec4e5d44e742a94b_ryuk
Size

905KB
Sample

250322-mv5cdavry5
MD5

b2a31ff4048cc5c9ec4e5d44e742a94b
SHA1

63892286dd4505971f1c061b70e21c6760bddc47
SHA256

acfe65cf08cb8b8239b27d762f68f6602210b686cd88438a24f6c77d8524ff46
SHA512

f74ce6a4767503ea1ce8d3f6fba89a9acf25abe3d6e53c2c0acbdba20dc56c834949203dd46ad10a06166912f0cd222b9ae9e3c9db8eb011672d86f17ee69c3f
SSDEEP

12288:CthJIq+H3rw6R59ES7lWtE02rBzhzasvJZlDvRHeplOwFGwhMTSVTPEDSukrEOIe:CX+qS7ZGSL5FxJPp+ewwwh2SZAO

Score

10^/10

flawedgracerat backdoor defense_evasion loader persistence privilege_escalation rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-03-22_b2a31ff4048cc5c9ec4e5d44e742a94b_ryuk.exe

Resource

win7-20241010-en

flawedgracerat backdoor defense_evasion loader persistence privilege_escalation rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-03-22_b2a31ff4048cc5c9ec4e5d44e742a94b_ryuk.exe

Resource

win10v2004-20250314-en

flawedgracerat backdoor defense_evasion loader persistence privilege_escalation rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-03-22_b2a31ff4048cc5c9ec4e5d44e742a94b_ryuk
- Size
  
  905KB
- MD5
  
  b2a31ff4048cc5c9ec4e5d44e742a94b
- SHA1
  
  63892286dd4505971f1c061b70e21c6760bddc47
- SHA256
  
  acfe65cf08cb8b8239b27d762f68f6602210b686cd88438a24f6c77d8524ff46
- SHA512
  
  f74ce6a4767503ea1ce8d3f6fba89a9acf25abe3d6e53c2c0acbdba20dc56c834949203dd46ad10a06166912f0cd222b9ae9e3c9db8eb011672d86f17ee69c3f
- SSDEEP
  
  12288:CthJIq+H3rw6R59ES7lWtE02rBzhzasvJZlDvRHeplOwFGwhMTSVTPEDSukrEOIe:CX+qS7ZGSL5FxJPp+ewwwh2SZAO
Score

10^/10

flawedgracerat backdoor defense_evasion loader persistence privilege_escalation rat
- FlawedGraceRAT
  FlawedGrace is a full-featured RAT written in C++.
  rat flawedgracerat
- Flawedgracerat family
  flawedgracerat
- FlawedGraceRat Backdoor
  Detects FlawedGraceRat x64 backdoor in memory.
  backdoor
- FlawedGraceRat Loader
  Detects FlawedGraceRat x64 loader in memory.
  loader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedgraceratbackdoordefense_evasionloaderpersistenceprivilege_escalationrat

behavioral2

flawedgraceratbackdoordefense_evasionloaderpersistenceprivilege_escalationrat

© 2018-2025

Terms | Privacy