General

  • Target

    tmp

  • Size

    653KB

  • Sample

    231212-kgll1ahhbm

  • MD5

    e878cf1fdb26cb2f05f11fbbea050b36

  • SHA1

    c12e3d33bf4c7a3484b20d71e7caa2d1d793f1ca

  • SHA256

    9cd108e6109466daee67e47f97eff7e9f1494f8b0a56b5f10eb0003d39d125a8

  • SHA512

    0a869c7c809c598714024bf1657b8dbd3e79345117f9ee3cef93b827808db62f696d5733f77c062e443e9a9adbe3cb8632272248f7ecfb360000ae114440dae8

  • SSDEEP

    12288:f43IU8S6eUdmKD+ldPxN15Jktn9Nz8zjUcRM7UeLCANXlIPrjycsSps3H:fWItSAdmKD+zPxN154n9Nlc2DLCQXSP0

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      tmp

    • Size

      653KB

    • MD5

      e878cf1fdb26cb2f05f11fbbea050b36

    • SHA1

      c12e3d33bf4c7a3484b20d71e7caa2d1d793f1ca

    • SHA256

      9cd108e6109466daee67e47f97eff7e9f1494f8b0a56b5f10eb0003d39d125a8

    • SHA512

      0a869c7c809c598714024bf1657b8dbd3e79345117f9ee3cef93b827808db62f696d5733f77c062e443e9a9adbe3cb8632272248f7ecfb360000ae114440dae8

    • SSDEEP

      12288:f43IU8S6eUdmKD+ldPxN15Jktn9Nz8zjUcRM7UeLCANXlIPrjycsSps3H:fWItSAdmKD+zPxN154n9Nlc2DLCQXSP0

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks