Extracted

• • Target

    cf3102636a070178cf575bc0e870fda7aa32d94dd6000d46de7205d064b0bd40.exe

  • Size

    6.6MB

  • MD5

    e43b76667963ad1cdf1f1603a1a67b79

  • SHA1

    a091aad8999eb8c9b833091044b6d7a0a89e4a4e

  • SHA256

    cf3102636a070178cf575bc0e870fda7aa32d94dd6000d46de7205d064b0bd40

  • SHA512

    d14c1e47759b176bff29bd2b50ff6abec4714cebc94b3408cb0ee4cecafa290212aac9ca3a5849a1bc4efbea50b9a50fe5d59d465b3245ebca34457a57a1abf1

  • SSDEEP

    196608:SAERid74MOMmrcKlW17Lv3+btkw0NBIdA8gkt8sYg:SA8idEMmrHlW1fWJtFBv

  Score

  10^/10

  meduzapurelogstealerzgratcollectionratstealer

  • Detect ZGRat V1

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • PureLog Stealer

    PureLog Stealer is an infostealer written in C#.

    stealerpurelogstealer

  • PureLog Stealer payload

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2