Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    24399faba0dd69e177f5e340774c34ddec6cb8a9d4a13926cddeaceaa76eaa1d

  • Size

    896KB

  • MD5

    38ae2593e76e7486fa01d8df8a9451cd

  • SHA1

    c2ffdf1dee5519eeb90f4937fa700b087d65a63f

  • SHA256

    24399faba0dd69e177f5e340774c34ddec6cb8a9d4a13926cddeaceaa76eaa1d

  • SHA512

    3a63f544fbdc67d47ff82ac2a588858a37e167c2e244af56acc88abb21bae55468861bc123db29070249269d9a07642ba562c9452f3a5a0ae9ccff825000858b

  • SSDEEP

    12288:LOsSmtwUJo7a0d0Fry0+8/GSEYIZHcJfxWqg1u+CHOqZsq:LO7mtwUJo7a0dAP5/GxZ8qr

  Score

  10^/10

  amadeygluptebaraccoonredlinesectopratsmokeloaderzgrat6a6a005b9aa778f606280c5fa24ae595gromekinzapixelnewup3backdoordropperinfostealerloaderpersistenceratstealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detect ZGRat V1

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon

  • Raccoon Stealer payload

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2