Extracted

• • Target

    d4aa07253504503adbe12331ee6149b6

  • Size

    15KB

  • MD5

    d4aa07253504503adbe12331ee6149b6

  • SHA1

    0cc08ce3b73d40946c1b6fbc89000e927269ee97

  • SHA256

    cea50bb5162cb062f9c1bb03ce6a5d59b2247d0fbeec76e47948b1f90fe5f7cc

  • SHA512

    73b0e39becc8c952e2dd79eba0c4392241fc3791c4dd5657153eed20b006e8bee03ecc924c00160de5b70095d84924d3406cef17b261c317dd753c1be611a039

  • SSDEEP

    384:nopx1TLpuWfBB7x+zbtBc1XyaWTQFPDsyhLWtPpxtfUKTW:418WJ8b4myhitPH9

  Score

  10^/10

  evasiontrojanredlinesectopratzgratcheatdiscoveryinfostealerratspywarestealer

  • Detect ZGRat V1

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • UAC bypass

    evasiontrojan

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2