GravityRAT Malware Sample Download

GravityRAT is an Advanced Persistent Threat (APT) that allegedly targets India, the United States and the United Kingdom. GravityRAT uses Microsoft Word documents as its delivery medium. Once the user opens the document, it insists that macros be enabled, upon which it executes the zipped payload.

Once successfully executed, GravityRAT collects the MAC address, computer name, username, IP address and date, steals files with the following extensions: .docx, .doc, .pptx, .ppt, .xlsx, .xls, .rtf and .pdf, and sends them to its command and control servers.

GravityRAT is written in .NET, which can easily be decompiled. The authors do not pay attention to code obfuscation, yet they place heavy emphasis on anti-VM techniques, which include registry key checks, WMI querying, MAC address checking, counting CPU cores and, importantly and somewhat unusually, checking the temperature of the CPU, which is not supported by virtual machines and hence notifies the malware that it is being analyzed.

GravityRAT signatures are as follows.
MD5: ec629f648434fc3d17e9561532d038c8
SHA1: 1a1b5976acb4cd25c1e225473a64a67438222768
SHA256: 1c0ea462f0bbd7acfdf4c6daf3cb8ce09e1375b766fbd3ff89f40c0aa3f4fc96
SSDEEP: 12288:R4SDevqYyLLh0DOvSbPPqJLtkrZn0K8nvXg1:R4SDevzyLLeSWPiXk98Y

GravityRAT Sample Download

Download GravityRAT Malware Sample

Download GravityRAT PCAP

The password of the zip is: infected
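Before working with the download, it helps to confirm that the archive really holds the file identified by the hashes above. The following added example (not part of the original page) hashes each archive member in memory, without extracting it to disk, and compares it with the listed MD5, SHA1 and SHA256. It assumes the archive uses legacy ZipCrypto encryption, which Python's `zipfile` can read; an AES-encrypted archive raises `NotImplementedError` and needs another tool.

```python
import hashlib
import sys
import zipfile

# Hashes copied from the signature list on this page.
PAGE_HASHES = {
    "md5": "ec629f648434fc3d17e9561532d038c8",
    "sha1": "1a1b5976acb4cd25c1e225473a64a67438222768",
    "sha256": "1c0ea462f0bbd7acfdf4c6daf3cb8ce09e1375b766fbd3ff89f40c0aa3f4fc96",
}


def hash_stream(stream, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 16):
    """Compute several digests in one pass over a binary stream."""
    digests = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for digest in digests.values():
            digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def verify_archive(archive, password=b"infected", expected=PAGE_HASHES):
    """Hash every member in memory; return {member: {algorithm: matched}}."""
    results = {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # The member is streamed and hashed, never written to disk.
            with zf.open(info, pwd=password) as member:
                actual = hash_stream(member, tuple(expected))
            results[info.filename] = {
                algo: actual[algo] == expected[algo].lower() for algo in expected
            }
    return results


def matching_members(results):
    """Names of members for which every listed hash matched."""
    return [name for name, checks in results.items() if all(checks.values())]


if __name__ == "__main__":
    for path in sys.argv[1:]:
        report = verify_archive(path)
        for name, checks in report.items():
            print(path, name, "MATCH" if all(checks.values()) else f"MISMATCH {checks}")
```

A member that matches on only some algorithms points to a copy error in the hash list or a tampered file and should be treated as unverified.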
