Extracted

Extracted

Extracted

Extracted

• • Target

    3d75e7230bf434ceff8710174ee115b8.exe

  • Size

    285KB

  • MD5

    3d75e7230bf434ceff8710174ee115b8

  • SHA1

    6db9c713d70d8f3715db9ef4139669d8d110c4e9

  • SHA256

    6c4aaf39142db9f2d3adc6f3a90d986a55fd54273be564d61a4cc229e55131af

  • SHA512

    3ae69eb16c4866b89b9a4ff48f75ea4bbed5d39ae63f2e4c3b51d04af6137b3ba9e11e17818f0afeb788abbae060256b936a1ff626497b181990328a4b6cf3b8

  • SSDEEP

    6144:vyU1zKCKVDp3Cbitu7gJzmgkYUDBg8ZHAO0Jb8CuZoHI66G:vyU1K9pv6RZH2nuZn66G

  Score

  10^/10

  gluptebaredlinesmokeloaderzgrat@ytlogsbotlivetrafficbackdoordiscoverydropperevasioninfostealerloaderpersistenceratspywarestealertrojaneternity

  • Detect ZGRat V1

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Windows security bypass

    evasiontrojan

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Modifies boot configuration data using bcdedit

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Modifies Windows Firewall

    evasion

  • Stops running service(s)

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2