Extracted

• • Target

    975d87e24e881a6d224d37b25a7c8a1d

  • Size

    1.7MB

  • MD5

    975d87e24e881a6d224d37b25a7c8a1d

  • SHA1

    836373fee93d77cf54eddc8c58a5b5fc2a6d259e

  • SHA256

    71c81318d16023aba7c537168d68b7d87eeeb085725d0904c3ea7298fc43d7e8

  • SHA512

    023291428628e04c9384b12ca4b2bc814b8bf81c713e00577eec17679d6b5de3f017838ff2b16f258553600678eec83f5f4972e8f9d9ab24eb7e969d26abfb35

  • SSDEEP

    49152:+kI4ZpVNoNhRfKW7dAF1EnB0TSgCYp5HwG+uTiVkD+bV:+YZpVidZC/aB6ZpGXWD+bV

  Score

  10^/10

  bitratzgratrattrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2