GravityRAT Malware Sample Download
GravityRAT is an Advance Persistence Threat (APT) that allegedly targets India, United States and United Kingdom. GravityRAT uses Microsoft Word as a medium to proliferate. Once the user open the document it insisted to enable macros upon which is executes the zipped payload.
GravityRAT once successfully executed collects MAC Address, Computer name, Username, IP address, Date, Steal files with the following extensions: .docx, .doc, .pptx, .ppt, .xlsx, .xls, .rtf and .pdf send to its command and control servers.
GravityRAT is written in .net, which can easily be de-compiled the authors do not pay attention to code obfuscation yet they hugely emphasize on Anti-VM techniques that include registry key check, wmi querying, MAC address checking, counting CPU cores and importantly and some what different i.e. checking the temperature of the CPU which is not supported by the virtual machines and hence notify the malware that its been analyzed.
Update: Download GravityRAT Android Version
Update: Download GravityRAT macOS Version
GravityRAT signatures are as follows.
The password of the zip is: infected
GravityRAT once successfully executed collects MAC Address, Computer name, Username, IP address, Date, Steal files with the following extensions: .docx, .doc, .pptx, .ppt, .xlsx, .xls, .rtf and .pdf send to its command and control servers.
GravityRAT is written in .net, which can easily be de-compiled the authors do not pay attention to code obfuscation yet they hugely emphasize on Anti-VM techniques that include registry key check, wmi querying, MAC address checking, counting CPU cores and importantly and some what different i.e. checking the temperature of the CPU which is not supported by the virtual machines and hence notify the malware that its been analyzed.
Update: Download GravityRAT Android Version
Update: Download GravityRAT macOS Version
GravityRAT signatures are as follows.
MD5: ec629f648434fc3d17e9561532d038c8 SHA1: 1a1b5976acb4cd25c1e225473a64a67438222768 SHA256: 1c0ea462f0bbd7acfdf4c6daf3cb8ce09e1375b766fbd3ff89f40c0aa3f4fc96 SSDEEP: 12288:R4SDevqYyLLh0DOvSbPPqJLtkrZn0K8nvXg1:R4SDevzyLLeSWPiXk98Y
GravityRAT Sample Download
Download GravityRAT PCAP
The password of the zip is: infected
Click to Load Comments
