Extracted

Extracted

Extracted

• • Target

    b102a66131bb626d15bdfe4ea538ec91813553746bbf658fbe146d5039c5e2a1

  • Size

    552KB

  • MD5

    422633bc625066af6f3d16ba3a61e329

  • SHA1

    6db9d5be33356940c28d72988d07d8071f36c82c

  • SHA256

    b102a66131bb626d15bdfe4ea538ec91813553746bbf658fbe146d5039c5e2a1

  • SHA512

    2dd0aa18f47f4ece9ba8bac20633aef2d0d72a3e796ca991a3ac09edf3e6c2783468a4b90e44ecf3c863f5bb99ab9804e90707ad561e9d4d994d152bf734b4b5

  • SSDEEP

    12288:CMrxy90/0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6YsSfI:jy2iaaewIsgCQGIgYDqzw

  Score

  10^/10

  gluptebaredlinesectopratsmokeloaderzgratpixelnew2.0up3backdoorgoogledropperinfostealerloaderpersistencephishingrattrojan

  • Detect ZGRat V1

  • Detected google phishing page

    phishinggoogle

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  behavioral1