General

  • Target

    c6412c0af961d867d36b3b4c328722ce8069de0d9a9372a02dc50dbdbd45b0e3

  • Size

    367KB

  • Sample

    240508-hk15raae45

  • MD5

    f09b93a6acda058847e36ab92946902f

  • SHA1

    75fad2559f5cd43359a34791c85e480634d3916d

  • SHA256

    c6412c0af961d867d36b3b4c328722ce8069de0d9a9372a02dc50dbdbd45b0e3

  • SHA512

    abc4e98a411f9a5190ef1dd82238e7af1c7b15df8a91dfb471203f11e6aa6181ca6c7f07c1ac1bb6bc6581bc8a09dbad64d7e89ecb9a30258fd70d718c0a5f9e

  • SSDEEP

    6144:Jfvea1snS42x5pK0JcR4DypPotYhIiMuiEIMmH8d/zKXT8g8:Bvea1snS425K0JcRhuNiMEO8pe8g8

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks