Sample name: | yX8787W7de.exerenamed because original name is a hash value |
Original sample name: | 10f54a1a68bce057dc9abbc2851a6235.exe |
Analysis ID: | 1431967 |
MD5: | 10f54a1a68bce057dc9abbc2851a6235 |
SHA1: | aa70b6be5f6e35655d0a5e25c450b47f4a23ffd0 |
SHA256: | d0be212a60bf7479492be23497cf0e933b8c6fda4e68b0d9724c7dc18e30fa37 |
Tags: | DCRatexe |
Infos: | |
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
DCRat | DCRat is a typical RAT that has been around since at least June 2019. | No Attribution |
|
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
zgRAT | zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on. | No Attribution |
|
AV Detection |
---|
Source: |
Avira: |
Source: |
Avira: |
||
Source: |
Avira: |
||
Source: |
Avira: |
||
Source: |
Avira: |
||
Source: |
Avira: |
||
Source: |
Avira: |
||
Source: |
Avira: |
||
Source: |
Avira: |
||
Source: |
Avira: |
Source: |
ReversingLabs: |
|||
Source: |
Virustotal: |
Perma Link | ||
Source: |
ReversingLabs: |
|||
Source: |
Virustotal: |
Perma Link | ||
Source: |
ReversingLabs: |
|||
Source: |
Virustotal: |
Perma Link | ||
Source: |
ReversingLabs: |
|||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
ReversingLabs: |
|||
Source: |
Virustotal: |
Perma Link | ||
Source: |
ReversingLabs: |
|||
Source: |
Virustotal: |
Perma Link |
Source: |
ReversingLabs: |
|||
Source: |
Virustotal: |
Perma Link |
Source: |
Joe Sandbox ML: |
||
Source: |
Joe Sandbox ML: |
||
Source: |
Joe Sandbox ML: |
||
Source: |
Joe Sandbox ML: |
||
Source: |
Joe Sandbox ML: |
||
Source: |
Joe Sandbox ML: |
||
Source: |
Joe Sandbox ML: |
Source: |
Joe Sandbox ML: |
Source: |
Static PE information: |
Source: |
Directory created: |
Jump to behavior | ||
Source: |
Directory created: |
Jump to behavior |
Source: |
Static PE information: |
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
Spreading |
---|
Source: |
System file written: |
Jump to behavior |
Source: |
Code function: |
0_2_0012A69B | |
Source: |
Code function: |
0_2_0013C220 |
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior |
Networking |
---|
Source: |
Snort IDS: |
||
Source: |
Snort IDS: |
||
Source: |
Snort IDS: |
||
Source: |
Snort IDS: |
||
Source: |
Snort IDS: |
||
Source: |
Snort IDS: |
||
Source: |
Snort IDS: |
||
Source: |
Snort IDS: |
||
Source: |
Snort IDS: |
||
Source: |
Snort IDS: |
Source: |
Process created: |
Source: |
ASN Name: |
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
Source: |
UDP traffic detected without corresponding DNS query: |
Source: |
DNS traffic detected: |
Source: |
HTTP traffic detected: |
Source: |
HTTP traffic detected: |