General

  • Target

    011ea7874d4283dd836277fa880e228b

  • Size

    704KB

  • Sample

    231229-xn7h9saea9

  • MD5

    011ea7874d4283dd836277fa880e228b

  • SHA1

    990de8c5104409e38bc9c33d246db07003c96dd0

  • SHA256

    dec6b08ad93d22660e040ff56d4a6523428243741af91d0980efd00dc2521951

  • SHA512

    06eda2f49680311c9d70015adfc0f05c3fadb92cde9d984a6852b088aafc1f39694e46dd97ecca19e97e42c22590d92b1e9a359d246227459350156d7feb7cfa

  • SSDEEP

    12288:FICNfU0r7Eimtj3QlxV5Ka4vbV124x7aWtO3RlUG5c4RFSIkuW8:pU0nEbj8NKa4P7O0KjRFC8

Malware Config

  • Extracted

    Family

    azorult

    C2

    http://195.245.112.115/index.php

  • Extracted

    Family

    oski

    C2

    hsagoi.ac.ug

Targets

    • Target

      011ea7874d4283dd836277fa880e228b

    • Size

      704KB

    • MD5

      011ea7874d4283dd836277fa880e228b

    • SHA1

      990de8c5104409e38bc9c33d246db07003c96dd0

    • SHA256

      dec6b08ad93d22660e040ff56d4a6523428243741af91d0980efd00dc2521951

    • SHA512

      06eda2f49680311c9d70015adfc0f05c3fadb92cde9d984a6852b088aafc1f39694e46dd97ecca19e97e42c22590d92b1e9a359d246227459350156d7feb7cfa

    • SSDEEP

      12288:FICNfU0r7Eimtj3QlxV5Ka4vbV124x7aWtO3RlUG5c4RFSIkuW8:pU0nEbj8NKa4P7O0KjRFC8

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Detect ZGRat V1

    • Oski

      Oski is an infostealer targeting browser data and cryptocurrency wallets.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks