General

  • Target

    c8303afc5c9850f518fc9d3e77a2904f71abb9b4c4de87f010f79b1245d2a2d5

  • Size

    367KB

  • Sample

    240508-hjs3rafh2z

  • MD5

    e14c4eb54c85b006452b07d426db9893

  • SHA1

    4d586bc9d063338d96315985e92a6fb255088baf

  • SHA256

    c8303afc5c9850f518fc9d3e77a2904f71abb9b4c4de87f010f79b1245d2a2d5

  • SHA512

    ef483719b4e4d33761c89b1cbc9b0ddd4d2ccd9944db1d1c7cd9f9ab1804e4fad388c55f80f6218dc754b06def375a68b2b7d01902ee24956d1b1bf6b9f8962b

  • SSDEEP

    6144:Jfvea1snS42x5pK0JcR4DypPotYhIiMuiEIMmH8d/zKXT8g1:Bvea1snS425K0JcRhuNiMEO8pe8g1

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks