General

  • Target

    0ffd98ee730d075f964045eb2538fb640a816b9db9c20fba0b9a66fb52a7c068

  • Size

    455KB

  • Sample

    240507-2bpj5sbc2s

  • MD5

    39f8e1c34c1a6e6aa1fa544a62f6153d

  • SHA1

    4ff01ce75ce3062f960ff31c86f94d88632fce5a

  • SHA256

    0ffd98ee730d075f964045eb2538fb640a816b9db9c20fba0b9a66fb52a7c068

  • SHA512

    21512c4e99a7dbd3ed5d18733980e52c739304815f964f50c7e6b8ee205410e57bc8c56afa97cfe6c6dd7215cb6ab14c020d6cdbebbe69eef9318a2e90db01e9

  • SSDEEP

    6144:/kQovcEzShy9BhYyKVPJq/URCX68fELkHlVAwmN8HGPq1Mv4qb4/V:8QoUgSUAnRCL8YHLAWH9eAU4/V

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Target

      0ffd98ee730d075f964045eb2538fb640a816b9db9c20fba0b9a66fb52a7c068

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks