General

  • Target

    fb72cbf91f8f821b6089d93b681cf491ebdbe40e4ebdefa42024372325810e12

  • Size

    367KB

  • Sample

    240508-hm713sga81

  • MD5

    c90428760a8081ea0cc1f8482cd5d957

  • SHA1

    10361e74c70852bf754c36ec4b801a72626af453

  • SHA256

    fb72cbf91f8f821b6089d93b681cf491ebdbe40e4ebdefa42024372325810e12

  • SHA512

    55c2cb510a61b30f1872b46afbf0692231ec5f7d54e005f767b80225e12e22cf96a3dcf899d82aac7c0d605c319f107a5bca5770c986629f221daccecab9b8fd

  • SSDEEP

    6144:Jfvea1snS42x5pK0JcR4DypPotYhIiMuiEIMmH8d/zKXT8g4:Bvea1snS425K0JcRhuNiMEO8pe8g4

Malware Config

Extracted

  • Family

    stealc

  • C2

    http://185.172.128.150

  • Attributes

    url_path: /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks