General

  • Target

    file30028.exe

  • Size

    907KB

  • Sample

    231211-s22gyscbg4

  • MD5

    c57847b414a71896c6b912649eaafe03

  • SHA1

    a96ba25b276854b7b11c846329fe64088706ebb8

  • SHA256

    b37c5a75cb114df4c9d918cc41e3afd02de7a1d1c2ea5fc1e60413e229d24817

  • SHA512

    69f0bfe7c05523e817950fc57bcee0bba26548515fbd7823e60472d569854d726e7e3ef36ff4c446042bf3448b39583afa36cf1bfd05c5c7b4d91348a1cfb521

  • SSDEEP

    12288:Z3IU8S6eUdMWmkAsCJr5WXoSRgakpzmW5722yyDFZ9UedS1Mh:RItSAdHCJVsfmDry6FZ9ddaM

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1183506281819033703/beWObMRAwhhuWKUuReztMOsKb_VVLWkTOFhB8jqLepxZT4XwRFc9Ez6FcUT7qeabsF0-

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks