Extracted

• • Target

    209cb080e9ba32c3edc700532d80f1e61d221e02a685401726a56da013ea3fad

  • Size

    542KB

  • MD5

    846089595e9fd338a31e8ffad7b89acc

  • SHA1

    d220ecde6e8fa41c5b5fc3383ee09b8feba0a9dd

  • SHA256

    209cb080e9ba32c3edc700532d80f1e61d221e02a685401726a56da013ea3fad

  • SHA512

    0d204eb7b2180c5ca2f371cb22ec568c44261ae2668865c48e781002904d6f7756124b5dcd9a74e324fc1d069bd4637bfee0249f142dd068c4ff5ac520697f9f

  • SSDEEP

    12288:53IU8S6eUd+RJTgxDYS1b0lJ0lIkdg1NA0H8Ushjs+etbUe:xItSAd+R5g9pBIkdgsHjs+GI

  Score

  10^/10

  agentteslazgratcollectionkeyloggerratspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2