Extracted

• • Target

    c13ed8a571c6a8b9c3efc799f405f35450ac23a21295624173707287145fd7ce

  • Size

    359KB

  • MD5

    d1471e74c6fd7e21cb7c34b9f996f29e

  • SHA1

    e4ea0228fc1985b6b86efa01848ac80999b02945

  • SHA256

    c13ed8a571c6a8b9c3efc799f405f35450ac23a21295624173707287145fd7ce

  • SHA512

    f98013636236a4dd01d6a97634decc0cf908f66d221f5076cbccd17ece81adeb791180d6e96df7e99a1b63b8d5ef8fac7250a32d40651b0758d32add6449bb71

  • SSDEEP

    6144:1fWROtR8qx4L35RvrUfpeHYTDw1lPn1HPO0zjWy16uwUdgJR+:WOcqWRjhYnAn1HdUGgJR+

  Score

  10^/10

  stealczgratdiscoveryratspywarestealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2