General

  • Target

    Scan_0366926812023.exe

  • Size

    694KB

  • Sample

    231211-g9k96agga6

  • MD5

    964b7d4d87d7b3e0399164197d8d32f1

  • SHA1

    48128fb0758e9c9ae80f5c3d3f4a3a51798b3431

  • SHA256

    22fe993d3d069bbd257db91dd0bc76cffabc3a67ac535e0cadc7e58649f78f49

  • SHA512

    5d151b87eca87a148dd025a0c4e87ba02bd82842b04666bff7b7ce92fbd65fc17f597343adc5ea75439aaf15fbf50e72c586f44efab995b369dd9ae1e0ad07de

  • SSDEEP

    12288:w3IU8S6eUd62pBI/NlGlPm5ITCIRMfiEw53QL+W5RlnVS7ga6k5:OItSAd62pZlRXRMfGV0+W5C5

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks