Extracted

• • Target

    5a75581bb646c22b9b07b242e0f6cc3bac3418eee27d58a00c7bb8590a723089

  • Size

    490KB

  • MD5

    38e2874247fff6b221c5a40f32934730

  • SHA1

    a615ce7f6bfeb39a9fd094c570be43e0d7fdc401

  • SHA256

    5a75581bb646c22b9b07b242e0f6cc3bac3418eee27d58a00c7bb8590a723089

  • SHA512

    8c1be9e1e6badace316617c10d1949ecf29e1067d77984f6a5329813b76ce8f6b7fbd73c7d5a0a83ed12131f62804ccd1771e23a47c0a90d18b5770951bf52a5

  • SSDEEP

    6144:bgnzgxVJGo/KFIc4prUaKWv43AUoWwWHgyxSArUUeZN3EUTtwAMQaMWuIrMQVL99:EMxVJbyivpr2eUoWNHgQr2njkQorbf/l

  Score

  10^/10

  stealczgratdiscoveryratspywarestealerbuerloader

  • Buer

    Buer is a new modular loader first seen in August 2019.

    loaderbuer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2