General

  • Target

    58d2b454db2bf30b1101655231fd9e61b7b4a00c3f2b583f4422f8d541b1c91e

  • Size

    423KB

  • Sample

    240506-1z4tasdb91

  • MD5

    e0d7b28dd6347e307c7f8a11596a6dfc

  • SHA1

    a08fd1ef59115feefeba7c86e0883a7a598a945e

  • SHA256

    58d2b454db2bf30b1101655231fd9e61b7b4a00c3f2b583f4422f8d541b1c91e

  • SHA512

    a90f9b7b4fb9b280c59b116c2a4ae4142cc921318d661ca9cf2192e55c0421999eef3f853bc8deaafd99b4368879e656f384dd587be16a5f371412887d9b589a

  • SSDEEP

    12288:U9Ez/mnZVKQ6Bci6D+GYFBBeHJYaxpYkwa:oHVKQ6d6qGYFB8lLYkwa

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php
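The extracted config above gives two network indicators: the C2 host and the gate path. The following is an added example (not part of the sandbox report) that matches both against web-proxy log lines. The log format is a constructed, Squid-like "timestamp client method url status" layout and the sample lines are made up; adapt the split to your own proxy or NetFlow source.

```python
"""Match the extracted Stealc C2 (host + url_path) against proxy log lines.

Added example, not part of the sandbox report. Log layout and sample lines
are constructed for illustration.
"""
from urllib.parse import urlsplit

# Indicators taken from the report's extracted malware config.
C2_HOST = "185.172.128.150"
C2_URL_PATH = "/c698e1bc8a2f5e6d.php"

# Constructed sample log lines (not real traffic):
#   <unix ts> <client ip> <method> <url> <status>
SAMPLE_LOG = """\
1715000001.123 10.0.0.5 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200
1715000002.456 10.0.0.7 GET http://example.com/index.html 200
1715000003.789 10.0.0.5 GET http://185.172.128.150/ 200
1715000004.001 10.0.0.9 POST http://185.172.128.150:8080/c698e1bc8a2f5e6d.php 200
1715000005.002 10.0.0.11 POST http://evil.test/c698e1bc8a2f5e6d.php 200
"""


def classify(url):
    """Return 'c2', 'host_only', 'path_only' or None for one URL.

    hostname drops any port, so a beacon to the same host on a non-standard
    port still matches on the host component.
    """
    parts = urlsplit(url)
    host_hit = parts.hostname == C2_HOST
    path_hit = parts.path == C2_URL_PATH
    if host_hit and path_hit:
        return "c2"
    if host_hit:
        return "host_only"
    if path_hit:
        return "path_only"
    return None


def scan_log(text):
    """Return one dict per log line that touches either indicator."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines rather than crash on them
        _ts, client, _method, url, _status = fields[:5]
        verdict = classify(url)
        if verdict:
            hits.append({"client": client, "url": url, "verdict": verdict})
    return hits
```

A host-only hit is still worth an alert: the gate path can be rotated on the panel side while the C2 address stays the same. A path-only hit on another host is a weaker signal (the same kit may be deployed elsewhere) and is reported separately so it can be triaged rather than auto-blocked.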

Targets

    • Target

      58d2b454db2bf30b1101655231fd9e61b7b4a00c3f2b583f4422f8d541b1c91e

    • Size

      423KB

    • MD5

      e0d7b28dd6347e307c7f8a11596a6dfc

    • SHA1

      a08fd1ef59115feefeba7c86e0883a7a598a945e

    • SHA256

      58d2b454db2bf30b1101655231fd9e61b7b4a00c3f2b583f4422f8d541b1c91e

    • SHA512

      a90f9b7b4fb9b280c59b116c2a4ae4142cc921318d661ca9cf2192e55c0421999eef3f853bc8deaafd99b4368879e656f384dd587be16a5f371412887d9b589a

    • SSDEEP

      12288:U9Ez/mnZVKQ6Bci6D+GYFBBeHJYaxpYkwa:oHVKQ6d6qGYFB8lLYkwa

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
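The signatures above (country-code lookup, execution of a dropped EXE, Uninstall-key enumeration, FileZilla config reads, browser profile reads) are individually weak but together form a stealer profile. The following is an added example, not the sandbox's own logic, that correlates them per process tree over constructed Sysmon-like telemetry. The event dicts and their "type" names are an assumption of this example; the registry and file paths are the well-known locations behind each signature (`Control Panel\International\Geo\Nation` for the configured country, `CurrentVersion\Uninstall` for installed software, FileZilla's `sitemanager.xml`/`recentservers.xml`, and the Chromium `Login Data` database).

```python
"""Correlate the report's host behaviours across a process tree.

Added example, not part of the sandbox report. Event records are a
constructed, Sysmon-like list of dicts: type, pid, path and (for
proc_create) ppid.
"""
import re
from collections import defaultdict

# Signature name -> (event type it fires on, path pattern). Backslashes are
# doubled because these are regexes matching Windows paths.
BEHAVIOUR_PATTERNS = {
    "geo_check": ("reg_read",
                  re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    "uninstall_enum": ("reg_read",
                       re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    "ftp_client_data": ("file_read",
                        re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)),
    "browser_profile": ("file_read",
                        re.compile(r"\\User Data\\[^\\]+\\Login Data$", re.I)),
}

# Constructed telemetry: pid 1000 drops and runs upd.exe, which then does the
# stealer reads; pid 2000 (explorer) reads the geo key alone and is benign.
SAMPLE_EVENTS = [
    {"type": "proc_create", "pid": 1000, "ppid": 500, "path": r"C:\Users\u\Downloads\setup.exe"},
    {"type": "reg_read", "pid": 1000, "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "pid": 1000, "path": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
    {"type": "proc_create", "pid": 1001, "ppid": 1000, "path": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
    {"type": "reg_read", "pid": 1001, "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "file_read", "pid": 1001, "path": r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"type": "file_read", "pid": 1001, "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "proc_create", "pid": 2000, "ppid": 500, "path": r"C:\Windows\explorer.exe"},
    {"type": "reg_read", "pid": 2000, "path": r"HKCU\Control Panel\International\Geo\Nation"},
]


def build_tree(events):
    """Map each created pid to its parent pid."""
    parent = {}
    for ev in events:
        if ev["type"] == "proc_create":
            parent[ev["pid"]] = ev["ppid"]
    return parent


def root_of(pid, parent):
    """Walk up to the highest ancestor that was itself created in the trace."""
    while parent.get(pid) in parent:
        pid = parent[pid]
    return pid


def analyze(events):
    """Return {root pid: set of behaviour names seen anywhere in its tree}."""
    parent = build_tree(events)
    behaviours = defaultdict(set)
    written = {}  # lower-cased path -> pid that wrote it
    for ev in events:
        root = root_of(ev["pid"], parent)
        path = ev["path"]
        if ev["type"] == "file_write":
            written[path.lower()] = ev["pid"]
        elif ev["type"] == "proc_create" and path.lower() in written:
            # An image written earlier in the trace is now executed:
            # credit the tree of the process that dropped it.
            behaviours[root_of(written[path.lower()], parent)].add("executes_dropped_exe")
        for name, (etype, pattern) in BEHAVIOUR_PATTERNS.items():
            if ev["type"] == etype and pattern.search(path):
                behaviours[root].add(name)
    return dict(behaviours)


def stealer_like(events, min_behaviours=3):
    """Root pids whose tree shows at least min_behaviours distinct signatures."""
    return sorted(pid for pid, seen in analyze(events).items() if len(seen) >= min_behaviours)
```

Attributing each event to the root of its process tree is what keeps the dropped second stage (pid 1001) and the dropper (pid 1000) in one score; scoring per pid would split the behaviours and miss the threshold. The threshold of three is a starting point: a single geo lookup by explorer.exe, as in the sample, must not fire.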

MITRE ATT&CK Enterprise v15

Tasks