Extracted

• • Target

    EXJ-CHPV-05-N01-001.exe

  • Size

    767KB

  • MD5

    57d4e5602ac60212f7c422321c9b0b80

  • SHA1

    a6d42a59f9d8121cfaab73f4b2b416e229fbafcd

  • SHA256

    8a2fc6d9e2cc5549bc52b8914be340fbd0f72ae63d6f8b7959d1854342767e26

  • SHA512

    b725661cbd3d35d889289fb86a3ca2a6355768cd35e047ff82f64c7717759703c24af2f2ee7bc31f50af3fc073fe9a1dee560d71305f180a2cb56676021aeed0

  • SSDEEP

    12288:BLS6MKtR/ZZ4xYalDPn+v1spR4R9xSQkyRZNQKMza1Nn9zD7N+bd0/:pS6MkR/ZytPnIY2bSQkyRZNXMzeN1o0/

  Score

  10^/10

  agentteslazgratkeyloggerpersistenceratspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2