General

  • Target

    66b56c58735b627dedd96cd9e079be2f0a167df42b15932f054e6e2013c8ce41

  • Size

    395KB

  • Sample

    240426-ezblvshh82

  • MD5

    d39b7113410bf19d48d1f656c0ab009c

  • SHA1

    133ff7840b78b98d639f14ebcc33ad8907503ca5

  • SHA256

    66b56c58735b627dedd96cd9e079be2f0a167df42b15932f054e6e2013c8ce41

  • SHA512

    aac3a59575c6ad91c756f68b37419fe6d90ed1c3f2a481ab4d774353dec462ea9e08e00711b990c0307078ed740360d5d651f3454cd76cff1e71ce0afa10fc77

  • SSDEEP

    6144:tJCwBabC3kBgaI2oQGIbxBlzI6V3EKOyepROs4MPI:tJTs9gaIpQp1/zI6EKOyepRO0I

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.76

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks