Extracted

• • Target

    08e2246fa2d8e30547f8c42acb82c305.exe

  • Size

    3.1MB

  • MD5

    08e2246fa2d8e30547f8c42acb82c305

  • SHA1

    13e4ef288407cee06c4819ce6d3dde27e8535334

  • SHA256

    512eae984c0fd479fdcd2f73253fc52adeed18d104dff390b5b9563b3ca8dff5

  • SHA512

    8e29ba0b236ccf279a8628b26fecbcf1787add8528974b7d85771cc3dae2ff052ce0b3f71d73ac2d7ae9ed20d53dda98c4885c0046c6042e9199149a4ad3c186

  • SSDEEP

    49152:p7cguPcJ1auqGqomYaXuRq/BxxjAoV4sROsaChi39Q5kr0gNf5dpDrYN:NplJhqQ4ueB8UQSw9Q5K3nYN

  Score

  10^/10

  asyncratzgratdefaultrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2