General

  • Target

    37438fb048680fd349441ff5d80f17caeab6aaef887021be61a96879d7d54865

  • Size

    367KB

  • Sample

    240508-fn1x2sca6w

  • MD5

    0859de3bc56bdaaa5fe2802115a52912

  • SHA1

    5b74514ba9d33ac666be8f1810c7606734577898

  • SHA256

    37438fb048680fd349441ff5d80f17caeab6aaef887021be61a96879d7d54865

  • SHA512

    25d57c4c245de9b8774676cae2aac2871d8dff96467b2ef0788608011a5dd16a8594d84c167956631acc438c4b53a3542c1ecdea22a0a9f34659508499250507

  • SSDEEP

    6144:GM2eTWsqArSaDRacri00TwSZJtVXZZkJPHloB7DmGxHOs+V4iPTiBs:vbTbqAeMRFr2wU/VXZZkxOmAHOd4iiBs

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks