General

  • Target

    92ebe1666615b108e09981bc054cf76d7f4eeaa44595c813e01d419cd359fa8c

  • Size

    614KB

  • Sample

    231211-tr1y4sbhal

  • MD5

    a759e8c16420ac111730b3d85455c256

  • SHA1

    884078bf38588730be94b28b8d5c3ada281a301f

  • SHA256

    92ebe1666615b108e09981bc054cf76d7f4eeaa44595c813e01d419cd359fa8c

  • SHA512

    cff0141b03ea3d995de2820070de6987560428d97b3be587194bf2cc3abf912576aea0a72c635f9784b9ae436ec2334ba63ca9ed2ffef2ae50dfd4cf6a1f9a9a

  • SSDEEP

    12288:A3IU8S6eUdxD4vtaoAxdL3xgeLNu63RVJSw5KJ9rYT6IVva1Ec:+ItSAdxEjAxdDx3Nu63R9KvrY/Xc

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      92ebe1666615b108e09981bc054cf76d7f4eeaa44595c813e01d419cd359fa8c

    • Size

      614KB

    • MD5

      a759e8c16420ac111730b3d85455c256

    • SHA1

      884078bf38588730be94b28b8d5c3ada281a301f

    • SHA256

      92ebe1666615b108e09981bc054cf76d7f4eeaa44595c813e01d419cd359fa8c

    • SHA512

      cff0141b03ea3d995de2820070de6987560428d97b3be587194bf2cc3abf912576aea0a72c635f9784b9ae436ec2334ba63ca9ed2ffef2ae50dfd4cf6a1f9a9a

    • SSDEEP

      12288:A3IU8S6eUdxD4vtaoAxdL3xgeLNu63RVJSw5KJ9rYT6IVva1Ec:+ItSAdxEjAxdDx3Nu63R9KvrY/Xc

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic (.NET).

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry (typically the Nation value under HKCU\Control Panel\International\Geo), most likely as a geofence so the payload does not run in certain regions.

    • Reads data files stored by FTP clients

      Tries to access configuration files of FTP clients such as FileZilla, whose site manager and recent-servers files store host names and saved logins.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved credentials on disk, and infostealers often target those files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Suspicious use of SetThreadContext

      Typically seen when the thread context of a process created in a suspended state is rewritten to redirect execution, a hallmark of process hollowing and similar code-injection techniques.
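The behaviour signatures above are derived from registry, file and process events recorded during execution. As an added example (not part of the Triage report, the sandbox's own rule engine, or the sample), the Python scanner below applies equivalent rules to a constructed, sandbox-style API trace. The trace format (tab-separated pid, API name, argument), the paths, and the process and thread identifiers are assumptions made for the example; the FileZilla, Thunderbird and Chrome locations are the usual places those artefacts live. The SetThreadContext rule is stateful: it only fires when the same process earlier created a child with CREATE_SUSPENDED, which is the hollowing pattern the signature is after.

```python
import re
from collections import defaultdict

# Constructed sandbox-style API trace: "<pid>\t<API>\t<argument>" per line.
# Not a real capture of this sample; paths and ids are illustrative.
SAMPLE_TRACE = """\
2412\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Control Panel\\International\\Geo
2412\tRegQueryValueExW\tHKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation
2412\tNtCreateFile\tC:\\Users\\victim\\AppData\\Roaming\\FileZilla\\recentservers.xml
2412\tNtCreateFile\tC:\\Users\\victim\\AppData\\Roaming\\Thunderbird\\Profiles\\x1.default\\key4.db
2412\tNtCreateFile\tC:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
2412\tCreateProcessW\tC:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe flags=CREATE_SUSPENDED
2412\tSetThreadContext\tthread=1180 target_pid=3208
2412\tNtCreateFile\tC:\\Users\\victim\\Documents\\notes.txt
"""

# Stateless rules: signature name -> regex matched against "API<TAB>argument".
STATELESS_RULES = [
    ("Checks computer location settings",
     re.compile(r"Reg\w+\t.*\\International\\Geo\\Nation$", re.I)),
    ("Reads data files stored by FTP clients",
     re.compile(r"NtCreateFile\t.*\\FileZilla\\(recentservers|sitemanager)\.xml$", re.I)),
    ("Reads user/profile data of local email clients",
     re.compile(r"NtCreateFile\t.*\\(Thunderbird|Microsoft\\Outlook)\\", re.I)),
    ("Reads user/profile data of web browsers",
     re.compile(r"NtCreateFile\t.*\\(Google\\Chrome|Mozilla\\Firefox)\\.*\\(Login Data|Cookies|logins\.json)$", re.I)),
]

HOLLOWING_SIG = "Suspicious use of SetThreadContext"


def scan_trace(trace: str) -> dict:
    """Return {signature name: [matching arguments]} for a trace string."""
    hits = defaultdict(list)
    suspended_parents = set()  # pids that spawned a child with CREATE_SUSPENDED
    for line in trace.splitlines():
        if not line.strip():
            continue
        pid, api, arg = line.split("\t", 2)
        event = f"{api}\t{arg}"
        for name, rx in STATELESS_RULES:
            if rx.match(event):
                hits[name].append(arg)
        # Stateful rule: SetThreadContext is only suspicious after a suspended
        # child creation by the same process (classic process-hollowing order).
        if api.startswith("CreateProcess") and "CREATE_SUSPENDED" in arg:
            suspended_parents.add(pid)
        elif api == "SetThreadContext" and pid in suspended_parents:
            hits[HOLLOWING_SIG].append(arg)
    return dict(hits)


if __name__ == "__main__":
    for name, args in scan_trace(SAMPLE_TRACE).items():
        print(name)
        for a in args:
            print("   ", a)
```

Run against the constructed trace, the scanner reports all five behaviour signatures listed for this sample and ignores the unrelated notes.txt access; a lone SetThreadContext with no preceding suspended process creation produces no hit, which keeps debuggers and legitimate .NET runtime activity out of the result.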

MITRE ATT&CK Enterprise v15

Tasks