Extracted

• • Target

    15a488bee134052e74483014ae68a3c80454ae22a2a53b24bdba01fc13c41782

  • Size

    477KB

  • MD5

    c8214e527b34603462ba203152a643cd

  • SHA1

    c3ee0abab633d3d8967fb8f42473e3c5099c1398

  • SHA256

    15a488bee134052e74483014ae68a3c80454ae22a2a53b24bdba01fc13c41782

  • SHA512

    8caba7ed224dd58bafdba363879f182905592bd82d131cfd8ae7b9e15f4bb60885153b8f3dc0f06d69edfbff9f7375dd85a87b2e8fcbf22a4be8cddf2a5db8d1

  • SSDEEP

    6144:HKEJaW9Wy+GnGnNZ+giaJBe52gtCzBbO+zOEifLW1BjVel1P2FCLTv:jJ99Wx4GzNJkntAbybf+B0l/nv

  Score

  10^/10

  stealczgratdiscoveryratspywarestealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2