Extracted

• • Target

    Nvokcuobkn.exe

  • Size

    51KB

  • MD5

    8647ffb0d889ea1933f7a4e7771094c0

  • SHA1

    5c20b6cf56287c18566e50b0249e6cd9285f3ca3

  • SHA256

    6570e239d47518afaf8baeed1da31b475ec07ee1256e85bd0318d397f40d4e5c

  • SHA512

    26c47cf2ceb3a6e7d3d3b7f7d8934d6d769d31d9d279479a141df6ae2057e8b2644e12a225f56e5306529133e1a793b9500e5633732ef586464ea2c8fd43957c

  • SSDEEP

    768:ibNdv/q2bAXYN+/sHyIoY1Dufiy1SSP4+acdU9/nKPUTV4A5Ynn8w/Ayfmxx:i+7+1DZy1LfaF/nEUitnn8gAyfw

  Score

  10^/10

  zgratpersistenceratbitrattrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2