Extracted

• • Target

    MV C.ATLAS PARTICULARS.exe

  • Size

    700KB

  • MD5

    40a6aec425ccce9fd1a8e402e27dbd6e

  • SHA1

    d916a1e0641091654f515b522c65f8cdc70851d3

  • SHA256

    ade5d471bce12136dbdb044a73285664d32453f79b3b224130bde18e9f0a48ad

  • SHA512

    89611b88bc5b535a4af006c9bf6593eca5b1b422a8329f4a65bf5b04ac97bce68fa3a99723a4bca8cf6782168629c8c3816f733eeeae3dd8bdf21fd2b32fda1f

  • SSDEEP

    12288:Tw3IU8S6eUdHvN7bc2MfNFEW1DOyhUPk2ztAQSNJWMN5:TOItSAdPN7bc2MfNOW1DOeUPk2aQSqK5

  Score

  10^/10

  agentteslazgratkeyloggerratspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2