Extracted

• • Target

    10243ce788b5dcbbf248058fe196f371.exe

  • Size

    498KB

  • MD5

    10243ce788b5dcbbf248058fe196f371

  • SHA1

    0da95887908b6ada23c698de6cf2f3f986655721

  • SHA256

    8bf51ccb2646d38af6778a0712c78415e113b1393509afdc16c97a0bfb91eb55

  • SHA512

    a990028f8a9b4cce76c2409f95837436d61dc7038d1365d669fd9143f75580e74e4f9f013934435a1ca9e0c1360bbebfe276ea4328ab9d7bd26c6c7c63e83160

  • SSDEEP

    12288:nicNb5chlOMdRL8m6alMG/njrPIRp4tbhknaSJ8XC0x:tqhPRL8m6alMG/njrPIRp496aLXC0

  Score

  10^/10

  snakekeyloggerzgratkeyloggerratstealer

  • Detect ZGRat V1

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2