Extracted

• • Target

    46c518ab0703f0c58639b2d45476c8f0_NEAS

  • Size

    398KB

  • MD5

    46c518ab0703f0c58639b2d45476c8f0

  • SHA1

    63ad635114bf5405a612cce7b8ba3528b6820b90

  • SHA256

    65d8242fbed0d3353c7e08a89eccac1f1fe39cd3b4d35fe44202471dbdff8e9a

  • SHA512

    44c5c6d075b17b432bc76fb075dda81ae23f612d4835f10956897c0d38b784d53b348741ac93701100917d0e4e3fa7cb97850647245384c98d1f9c7adb0d4aa4

  • SSDEEP

    6144:WGuIeB32u0NksV1gwHG7zO4piTyDeDf0BRJFUydBc9qXGzRtKL/:OIeB3/0NkGSeGXO4Cye8BR3TfIqoA/

  Score

  10^/10

  stealczgratdiscoveryratspywarestealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2