Extracted

• • Target

    71d1f22830e0f40506171cda626891b4f954ec22f4a4cd0045b37f8d6c404451.exe

  • Size

    2.0MB

  • MD5

    b5829ea81cde8f48ba1190e20e6bb15d

  • SHA1

    51fbb15275360bbf2a866f339045527e941e1a85

  • SHA256

    71d1f22830e0f40506171cda626891b4f954ec22f4a4cd0045b37f8d6c404451

  • SHA512

    d84e43e6cf342d0e7696be6b1cbcf42dce5d1efe518f4949faa8841ee398a25a63a6e41440eb10ba0d276454ba73752c9ffb17eddbfd0813a636646663e26b4a

  • SSDEEP

    49152:aaXI0V7PoU9lHrHmvtiLGMIqCGLhRSCquJnm:3Y0V7gU9l2tiLGVGLhRvquJnm

  Score

  10^/10

  tofseezgratevasionexecutionpersistenceratspywaretrojan

  • Detect ZGRat V1

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Executes dropped EXE

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2