Extracted

• • Target

    a65dc9cbe71f0efde3fd50729cf5576bfb4c870329eed8f90dcd0fc1b9aa97ba.exe

  • Size

    3.4MB

  • MD5

    008d9913e8ce8bb934b93c559a2e32fa

  • SHA1

    10e863115463502aaea5c18f71e02221c6cd02db

  • SHA256

    a65dc9cbe71f0efde3fd50729cf5576bfb4c870329eed8f90dcd0fc1b9aa97ba

  • SHA512

    bb2650f0d776cc479b71987b3a5ef6338eb74b70de04b3628bdf8a1d48199b33d8050b6378b46a75cfba744a8800aa374474197018052184631c5edba0066d55

  • SSDEEP

    98304:h8P8hjuTg6NzRkqDGHiR27pb0WAOfraP1:hkoyTgAj6N1b0WAOfraP1

  Score

  10^/10

  zgratratredline1infostealerspyware

  • Detect ZGRat V1

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2