Extracted

• • Target

    2f3ba386f072b9d8b30ce22d9a5d6b3a6f3a96753db08e855c34787a9682eac3.exe

  • Size

    1.4MB

  • MD5

    0ef4ec326bc8a66d0edcb94df2767f4b

  • SHA1

    cfc402514e0722638b21dfef369f617ea7d4b556

  • SHA256

    2f3ba386f072b9d8b30ce22d9a5d6b3a6f3a96753db08e855c34787a9682eac3

  • SHA512

    333e886b1bca3f6b7317c7dfe405dad5ac1878c0fbf7901ceceebe3a9eddf40fbf74709376a9f2a327ad000693e9dd27484941928dabc6433d378ed18522fc2b

  • SSDEEP

    24576:oIJvKzcVkyEq9DRho1jFP8ltPP01Ws7+wFPEl9ix4fpUzoQDt+egElxdqFWVCGC:o4KzcCyEq9DRho/ctH01Ws74rA4RUBDI

  Score

  10^/10

  discoverypersistencespywarestealerasyncratzgratcrypterrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

  • Detects executables packed with ConfuserEx Mod

  • Detects file containing reversed ASEP Autorun registry keys

  • Blocklisted process makes network request

  • Modifies Installed Components in the registry

    persistence

  • Sets file execution options in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Registers COM server for autorun

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2