Extracted

• • Target

    d7a29a6c822d5ac4f4faef4105aa50a563832decca35cfab3c24cb1b389b7f03.exe

  • Size

    416KB

  • MD5

    0251b972016cb69c049602a3d2aa3ff7

  • SHA1

    24847d133682d9d820dc8163019359927b6d71c2

  • SHA256

    d7a29a6c822d5ac4f4faef4105aa50a563832decca35cfab3c24cb1b389b7f03

  • SHA512

    523e359293557144d8c4dc09a6196e4eae5cfa9d11bd8d1353ca8dc347415f019436505fb72e0a5f0332e3ea24fcb97440fce1f64ea0d7ab868d6fd81eb9f77d

  • SSDEEP

    6144:EkIIKkd5F7LcRmt5tuGEBQ4ZHXbA/3TntkIKcqFWWgfLR8tai6:E3DkzF7gmt5tuPBQ6LO3btbKnuLWtf6

  Score

  10^/10

  stealczgratdiscoveryratspywarestealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Detect binaries embedding considerable number of MFA browser extension IDs.

  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

  • Detects encrypted or obfuscated .NET executables

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2