General

  • Target

    7044134f51a290c02cc9ef9a15ba82349cbfb5b9ab79d3a509b5a1a2e5493699

  • Size

    367KB

  • Sample

    240508-fv9hrsfb26

  • MD5

    37a6bf1f3c51b3cc9ef7c0a5fb41b0be

  • SHA1

    b0541af070669879d15d15523ef39796151e884a

  • SHA256

    7044134f51a290c02cc9ef9a15ba82349cbfb5b9ab79d3a509b5a1a2e5493699

  • SHA512

    3d94479ee6a74e746f892d265fb13b8983cbbcde0c5b665506ae6b70716fb8821661966554a78cf5fa827a6a738b34f5e81c5f3e15ff29f7322de93b71c2e5cc

  • SSDEEP

    6144:GM2eTWsqArSaDRacri00TwSZJtVXZZkJPHloB7DmGxHOs+V4iPTiBo:vbTbqAeMRFr2wU/VXZZkxOmAHOd4iiBo

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php
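The extracted config gives the Stealc C2 as a base address plus a url_path attribute; the panel endpoint the sample talks to is the two joined. The script below is an added example, not part of the sandbox report: it rebuilds that endpoint from the two values above and sweeps web-proxy log lines for contact with it. The log lines are constructed, and their format (timestamp, client IP, method, URL, status) is an assumption.

```python
"""Match the Stealc C2 from the extracted config against proxy log lines.

Added example; not part of the sandbox report. SAMPLE_LOG is constructed and
its field layout (ts client method url status) is an assumption.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urljoin, urlparse

# Values taken from the extracted config in the report.
C2_HOST = "http://185.172.128.150"
URL_PATH = "/c698e1bc8a2f5e6d.php"


def full_c2_url(host: str = C2_HOST, path: str = URL_PATH) -> str:
    """Join the C2 base with the url_path attribute to get the panel endpoint."""
    return urljoin(host.rstrip("/") + "/", path.lstrip("/"))


def classify(url: str) -> Optional[str]:
    """'c2' for host + url_path, 'c2_host' for any other request to the C2
    address, None otherwise. Only the hostname is compared, so a non-default
    port on the same IP still counts as contact with the C2."""
    p = urlparse(url)
    if p.hostname != urlparse(C2_HOST).hostname:
        return None
    return "c2" if p.path == URL_PATH else "c2_host"


# Constructed proxy log (assumed format). The last line is a near-miss on a
# neighbouring IP and must not match.
SAMPLE_LOG = """\
2024-05-08T13:01:02Z 10.0.0.15 GET http://example.com/index.html 200
2024-05-08T13:01:09Z 10.0.0.23 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200
2024-05-08T13:01:11Z 10.0.0.23 POST http://185.172.128.150:80/c698e1bc8a2f5e6d.php 200
2024-05-08T13:02:40Z 10.0.0.31 GET http://185.172.128.150/ 404
2024-05-08T13:03:05Z 10.0.0.44 GET http://185.172.128.151/c698e1bc8a2f5e6d.php 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client, url, verdict) for every line that touches the C2."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than raising mid-sweep
        _ts, client, _method, url, _status = m.groups()
        verdict = classify(url)
        if verdict:
            hits.append((client, url, verdict))
    return hits


if __name__ == "__main__":
    print("C2 endpoint:", full_c2_url())
    for client, url, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:8} {client} {url}")
```

Plain requests to the IP without the url_path are reported separately as c2_host: the gate path can change between builds while the hosting IP stays the same, so both signals are worth keeping.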

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
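The two registry behaviours above are reads, which Sysmon does not record (its registry events cover key creation, value writes and renames only), so a detection has to come from a source that logs queries, such as a Procmon capture or a sandbox trace. The script below is an added example, not part of the report, that applies both signatures to Procmon-style CSV rows. The rows are constructed; the concrete key the location check reads (HKCU\Control Panel\International\Geo\Nation) and the threshold of three distinct Uninstall subkeys before calling it enumeration are assumptions.

```python
"""Apply the 'checks computer location settings' and 'checks installed
software' signatures to Procmon-style registry events.

Added example; not part of the sandbox report. PROCMON_CSV is constructed.
Assumptions: the location check reads HKCU\\Control Panel\\International\\
Geo\\Nation, and ENUM_THRESHOLD distinct Uninstall subkeys count as enumeration.
"""
import csv
import io
import re
from collections import defaultdict
from typing import Dict, List, Set

GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.IGNORECASE)
READ_OPS = ("RegQueryValue", "RegOpenKey", "RegEnumKey")
ENUM_THRESHOLD = 3  # assumption: a single Uninstall read is normal for installers

# Constructed rows in Procmon's CSV export layout. dropped.exe shows both
# behaviours; explorer.exe and msiexec.exe are benign look-alikes.
PROCMON_CSV = r'''
"Time of Day","Process Name","PID","Operation","Path","Result"
"1:01:09.1","dropped.exe","4120","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS"
"1:01:09.2","dropped.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS"
"1:01:09.2","dropped.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1B2}\DisplayName","SUCCESS"
"1:01:09.3","dropped.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName","SUCCESS"
"1:01:09.3","dropped.exe","4120","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS"
"1:01:10.0","explorer.exe","1234","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS"
"1:01:10.5","msiexec.exe","2200","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1B2}\DisplayName","SUCCESS"
'''


def triage_registry(csv_text: str) -> Dict[str, List[str]]:
    """Map process name -> behaviour tags derived from its registry reads."""
    geo_hits: Dict[str, int] = defaultdict(int)
    uninstall_keys: Dict[str, Set[str]] = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        if not row["Operation"].startswith(READ_OPS):
            continue  # writes and deletes are not what these signatures describe
        proc, path = row["Process Name"], row["Path"]
        if GEO_RE.search(path):
            geo_hits[proc] += 1
        m = UNINSTALL_RE.search(path)
        if m:
            # count distinct product subkeys, not raw reads
            uninstall_keys[proc].add(m.group(1).lower())
    findings: Dict[str, List[str]] = defaultdict(list)
    for proc in geo_hits:
        findings[proc].append("checks computer location settings")
    for proc, keys in uninstall_keys.items():
        if len(keys) >= ENUM_THRESHOLD:
            findings[proc].append("checks installed software on the system")
    return dict(findings)


if __name__ == "__main__":
    for proc, tags in triage_registry(PROCMON_CSV).items():
        print(proc, "->", ", ".join(tags))
```

Counting distinct Uninstall subkeys rather than individual reads is what separates enumeration from the one lookup an installer or updater makes for its own product; lower the threshold only when the process is already suspicious on other grounds.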

MITRE ATT&CK Enterprise v15

Tasks