Extracted

• • Target

    responsibilityleadpro/responsibilityleadpro.exe

  • Size

    14.6MB

  • MD5

    7efdb8104be2cb54cb77ee615d9c6197

  • SHA1

    f937e4c7ce6151d2a662f180420ab8e6ac654ac5

  • SHA256

    40c251a8afb49d3b567a370e67ca7861a4cc2008c7deef39c3739284c1b7e3e8

  • SHA512

    77fc43b3e3b89bba626735e7dbc6129bfead17a430bffc61eee861bb6edfb477db74f6f646bad04de360f512fb6676e27cf739812fa628b308592a42295aded6

  • SSDEEP

    393216:sHCoIgksmCvTUu++OqYW1cVXWLkbl+L+QU+:4BIgLSu65W2V+1yQU+

  Score

  10^/10

  meduzazgratcollectionpersistenceratstealer

  • Detect ZGRat V1

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Executes dropped EXE

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1