General

  • Target

    84327cfe00427263cfacf76ecc911516f2e7af560f84e06db7a0bd9243cc1ecb

  • Size

    367KB

  • Sample

    240508-hj1gtsfh3t

  • MD5

    8c1762606223cd38aece41ce0e5463a8

  • SHA1

    520915b365eb86f97049266618baf066ee467ecb

  • SHA256

    84327cfe00427263cfacf76ecc911516f2e7af560f84e06db7a0bd9243cc1ecb

  • SHA512

    57d3362ecfa91637dea1118ae617e0544d664cfc402520404250b39ea469b3f90629ebcb9f9282287a307531d18af4f8829bf53d5adf5863739e41f040b7bd52

  • SSDEEP

    6144:Jfvea1snS42x5pK0JcR4DypPotYhIiMuiEIMmH8d/zKXT8g6:Bvea1snS425K0JcRhuNiMEO8pe8g6

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Target

      84327cfe00427263cfacf76ecc911516f2e7af560f84e06db7a0bd9243cc1ecb

    • Size

      367KB

    • MD5

      8c1762606223cd38aece41ce0e5463a8

    • SHA1

      520915b365eb86f97049266618baf066ee467ecb

    • SHA256

      84327cfe00427263cfacf76ecc911516f2e7af560f84e06db7a0bd9243cc1ecb

    • SHA512

      57d3362ecfa91637dea1118ae617e0544d664cfc402520404250b39ea469b3f90629ebcb9f9282287a307531d18af4f8829bf53d5adf5863739e41f040b7bd52

    • SSDEEP

      6144:Jfvea1snS42x5pK0JcR4DypPotYhIiMuiEIMmH8d/zKXT8g6:Bvea1snS425K0JcRhuNiMEO8pe8g6

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks