Extracted

Extracted

• • Target

    IMG_77020316.exe

  • Size

    305KB

  • MD5

    2c44da62f5bf398810c3a0588098e2c8

  • SHA1

    b916038164d5cc19bf02da2fae9ec5ce33df5ca5

  • SHA256

    224e23285395f06085656e63dbc4c1bbfb28433ed4d4a7a398ca9f8c7a77dd1e

  • SHA512

    3451bd258dab8a11286df5fe3c3e965e85e32e110c00d2073f9327927a97c468b9fa00a1d8d13fdafd69cdeda1cede79cdfcf3f58636e6cc9b748f13d97a8f30

  • SSDEEP

    1536:EUGtkijLv6JQJvtzAZiN4M1LG99rGsa8OXK34PNu0PB92EC3CNjm5Lh1c3h0b:aD2MZG9ZGsIK34PNX92ECSNKF13b

  Score

  10^/10

  agentteslazgratkeyloggerpersistenceratspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2