Extracted

• • Target

    cfbd28652bdc2f1c3a30d6ad3a77d408

  • Size

    1.8MB

  • MD5

    cfbd28652bdc2f1c3a30d6ad3a77d408

  • SHA1

    846254a9fd531785ffa0cfc34b30a6b47c4603d6

  • SHA256

    88a7e9929cb967f33475bc95d02e05449bcc7a04968777d5dffd3f33c8d1bad3

  • SHA512

    268a0fed1f93ad29138a03654cc5282ed09f3d6d9930282df2cdc46fc5851cc14d56a9833d899ebd8d80d3f6b611f00dc062143bf08ebf73e8c3863ad2f85a86

  • SSDEEP

    49152:JOxf2vTY5hgsgJ2a9N4FA3358pYwHvr/hou:pbEhda9N+A5UVhou

  Score

  10^/10

  zgratratbitrattrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2