Extracted

• • Target

    a97286be2249f7896f0a5c171deb80d0

  • Size

    2.5MB

  • MD5

    a97286be2249f7896f0a5c171deb80d0

  • SHA1

    f10351ff6bc3fbababea9bdf13be7e7e4a7d04e5

  • SHA256

    95211867154e018e2ab4ca9cb0b4fdf18c2ba79a312ccb01eba95b2eb899d0bd

  • SHA512

    bbdce4fe5ef2dcebc15ce92d174cb776de79404c70ab660c4bc5e9546004719c0e180dd185bec1dffc57a0d1be3ba76775b967a0c95f87bb1337a9c4ba110984

  • SSDEEP

    49152:KDVzY8tMlX0pXGRMuK3JaEzXW+DHFgmDY8HrsjhqWl:PKGX0ARVK3J5zG+DH2IYysjhRl

  Score

  10^/10

  zgratpersistenceratbitrattrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2