Extracted

• • Target

    8d8676c68f72dbc38fb5e6aea9bface2

  • Size

    2.5MB

  • MD5

    8d8676c68f72dbc38fb5e6aea9bface2

  • SHA1

    6d1161bb446902b7810191460534bcfc16d60a93

  • SHA256

    2dfe2bfefe91c1209836e4017cb2a3bb001a6de6314545f8a8eb6794a2adc204

  • SHA512

    89bbaf8ade5fb327146df1daa403f98618bfa61cb0fe3b77fd9cde655ba11025105e50a15b198844c33180d6ca928dca032431009201969805199e719c11f316

  • SSDEEP

    49152:g05hmzZS+dwD9Z6ysSSsEa1xox6Qn6ZDun:YzZBWsSSsEYxot6Zin

  Score

  10^/10

  bitratzgratpersistencerattrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2