Extracted

• • Target

    aba32a475dcafdf4c6357205803e4cc0

  • Size

    2.0MB

  • MD5

    aba32a475dcafdf4c6357205803e4cc0

  • SHA1

    0d063e81d9b4df0fcf358c24720457f9037cde06

  • SHA256

    704e26dbdebc8b3ad1391f5b9d671f8b9550609455821540151ff70e17bed798

  • SHA512

    04e55bff24005489988e54926afa9addc1b457881525ae1a1cf9a73f05928e7347f906959e1689019c73112c181f6f718118f7630ada8eadfa424bac918cad67

  • SSDEEP

    49152:6fZxU7wsypA6knAgog2u6Fw4teOQBOTe:6TJsyNGAGGekT

  Score

  10^/10

  bitratzgratrattrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2