scratch-zoo-2025-05-11...a0c2d2fe85cec396ad93ef (Darktrack, Ozone RAT) — malware analysis report

File info

Filename: scratch-zoo-2025-05-11-7e3895945fa0c2d2fe85cec396ad93ef
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 627.5 KB
First seen:
Last seen:

Environment

win7/x86 en

Hashes

SHA1: d565177f404c40b9cf08c712896ebd64b7d272cb
SHA256: 010f247abd6fa67bdaa6718b5b7897519b3134d90e2f96a79f6dfbb4f8a123ab
MD5: 7e3895945fa0c2d2fe85cec396ad93ef

Malware families

  • Darktrack
  • Ozone RAT

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_sandboxie: Attempts to detect Sandboxie
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_sandboxie: Attempts to detect Sandboxie

Other

yara_rules: Static rules
unexpected_exception: Unexpected exception
no_graphical_activity: No graphical activity