Extracted

• • Target

    6a239782a002f49be71a6dfca139864c

  • Size

    792KB

  • MD5

    6a239782a002f49be71a6dfca139864c

  • SHA1

    6609a8974b80600598a64149340bad3989ecf780

  • SHA256

    722a5ea9b20e3a0b77f4f1628f763e46ccd4e87d284ac28997cec9874c479064

  • SHA512

    700385b2854878c8897a9733ac1288a67dfaa33bfeeef4a18286acfaf46e65a08cb2daec606edaee5421565e4f93508d254ae0834d466328174404db340b3b4a

  • SSDEEP

    12288:N9PUs72U6RTSRX8ALpieAmx4D9IumDgcVZObrC0Svr6bIXU7jxf62pI9G6DMzu:N9T729YMycQz5Babervr6koy2pgGLy

  Score

  10^/10

  a310loggerblustealerzgratcollectionpersistenceratspywarestealer

  • A310logger

    A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    stealerspywarea310logger

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • A310logger Executable

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2