Extracted

• • Target

    ee012ccf95286d03ea9cc4d508fee46e_JaffaCakes118

  • Size

    780KB

  • MD5

    ee012ccf95286d03ea9cc4d508fee46e

  • SHA1

    03d86e7dad5b312e03bd3d928c1514f293d79051

  • SHA256

    2f9c6244fa0ed0d62188100de444fdd5244a3930ba845d5615322ff89e85bbf8

  • SHA512

    c9c95663c3a5e25d8e0d97870387b7ca7a735409297655c590f3117299b3feda7c47dd476ac8e207259f5ead961fe77dbbc5f1b3a2defbb99531bf78e3d656f2

  • SSDEEP

    12288:0l6ttSwR5amrYMNygJvPch2tFbwv7IhpSxITamCTnKeWzzJnWqN2Ev2K1Bc5BmM0:ryk5nCIhx6B

  Score

  10^/10

  matiexzgratcollectionkeyloggerratspywarestealer

  • Detect ZGRat V1

  • Matiex

    Matiex is a keylogger and infostealer first seen in July 2020.

    stealerkeyloggermatiex

  • Matiex Main payload

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2