General

  • Target

    ORDINE AR2330GTD 2023.ace

  • Size

    620KB

  • Sample

    231212-ph4w7acgdr

  • MD5

    8364b2c89df04a4f640aa7e4065d62e9

  • SHA1

    8b480e23d8a61f3dd3897e1589def586c3dfbfb4

  • SHA256

    4bedf2bc1d0aab9174d20189412427e908bdaad29dcd26a13cb630ebbaa0155e

  • SHA512

    49954a797482ee2cef144aee140946e5316a01b6dd97af00ab9fa91b57e2b63cd97c41de263285fb82565c6effee308fb55464470ac412bb8eab4881ceca9d11

  • SSDEEP

    12288:62XVhO4lUt6Qwo9slch8DwclvOeNM58aemDfkhHD6kc0YLGgTp+JXL2gdX7ulT:JXHlUtTwnchrcJi8ae556x0KFp+pL5A

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      ORDINE AR2330GTD 2023.exe

    • Size

      666KB

    • MD5

      3799fa4b4d57013880952ec3793b30fd

    • SHA1

      9cd4bba363b97b73c7ccc60706ac8dcc1d3a8fc3

    • SHA256

      aa3875e92ca68427530c01b40918bb498b1e134a1c43b80e155b97e2e1569d67

    • SHA512

      447ccbe8d01907eda242c0817938439c4969beb91cc0186288d71cb1cce3f285b98c2850c373475ee763ab6dbe726f3db76d8a295044990a102faed5ec418fb3

    • SSDEEP

      12288:SX5+4WpAEWy7R5Q22K1K35341Xx+wEKMPOdkNN6n62/MuFwZf0GvxHvLz3p3+:PpAErK22K0ix+uMPbYnTMKsfB5vv3

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks